/* Look for an fx-cookie element in in_padata and add it to out_pa_list. */
static krb5_error_code
copy_cookie(krb5_context context, krb5_pa_data **in_padata,
krb5_pa_data ***out_pa_list, int *out_pa_list_size)
{
krb5_error_code ret;
krb5_pa_data *cookie, *pa = NULL;
cookie = krb5int_find_pa_data(context, in_padata, KRB5_PADATA_FX_COOKIE);
if (cookie == NULL)
return 0;
TRACE_PREAUTH_COOKIE(context, cookie->length, cookie->contents);
pa = k5alloc(sizeof(*pa), &ret);
if (pa == NULL)
return ret;
*pa = *cookie;
pa->contents = k5alloc(cookie->length, &ret);
if (pa->contents == NULL)
goto error;
memcpy(pa->contents, cookie->contents, cookie->length);
ret = grow_pa_list(out_pa_list, out_pa_list_size, &pa, 1);
if (ret)
goto error;
return 0;
error:
free(pa->contents);
free(pa);
return ENOMEM;
}
/* Set salt in rock based on pw-salt or afs3-salt elements in padata. */
static krb5_error_code
get_salt(krb5_context context, krb5_pa_data **padata,
krb5_kdc_req *request, krb5_clpreauth_rock rock)
{
krb5_error_code ret;
krb5_pa_data *pa;
krb5_data d;
const char *p;
/* Look for a pw-salt or afs3-salt element. */
pa = krb5int_find_pa_data(context, padata, KRB5_PADATA_PW_SALT);
if (pa == NULL)
pa = krb5int_find_pa_data(context, padata, KRB5_PADATA_AFS3_SALT);
if (pa == NULL)
return 0;
/* Set rock->salt based on the element we found. */
krb5_free_data_contents(context, rock->salt);
d = padata2data(*pa);
ret = krb5int_copy_data_contents(context, &d, rock->salt);
if (ret)
return ret;
/* Adjust the salt if we got it from an afs3-salt element. */
if (pa->pa_type == KRB5_PADATA_AFS3_SALT) {
/* Work around a (possible) old Heimdal KDC foible. */
p = memchr(rock->salt->data, '@', rock->salt->length);
if (p != NULL)
rock->salt->length = p - rock->salt->data;
/* Tolerate extra null in MIT KDC afs3-salt value. */
if (rock->salt->length > 0 &&
rock->salt->data[rock->salt->length - 1] == '\0')
rock->salt->length--;
/* Set an s2kparams value to indicate AFS string-to-key. */
krb5_free_data_contents(context, rock->s2kparams);
ret = alloc_data(rock->s2kparams, 1);
if (ret)
return ret;
rock->s2kparams->data[0] = '\1';
}
*rock->default_salt = FALSE;
TRACE_PREAUTH_SALT(context, rock->salt, pa->pa_type);
return 0;
}
static krb5_error_code
decrypt_fast_reply(krb5_context context,
struct krb5int_fast_request_state *state,
krb5_pa_data **in_padata,
krb5_fast_response **response)
{
krb5_error_code retval = 0;
krb5_data scratch;
krb5_enc_data *encrypted_response = NULL;
krb5_pa_data *fx_reply = NULL;
krb5_fast_response *local_resp = NULL;
assert(state != NULL);
assert(state->armor_key);
fx_reply = krb5int_find_pa_data(context, in_padata, KRB5_PADATA_FX_FAST);
if (fx_reply == NULL)
retval = KRB5_ERR_FAST_REQUIRED;
TRACE_FAST_DECODE(context);
if (retval == 0) {
scratch.data = (char *) fx_reply->contents;
scratch.length = fx_reply->length;
retval = decode_krb5_pa_fx_fast_reply(&scratch, &encrypted_response);
}
scratch.data = NULL;
if (retval == 0) {
scratch.data = malloc(encrypted_response->ciphertext.length);
if (scratch.data == NULL)
retval = ENOMEM;
scratch.length = encrypted_response->ciphertext.length;
}
if (retval == 0)
retval = krb5_c_decrypt(context, state->armor_key,
KRB5_KEYUSAGE_FAST_REP, NULL,
encrypted_response, &scratch);
if (retval != 0)
k5_prependmsg(context, retval, _("Failed to decrypt FAST reply"));
if (retval == 0)
retval = decode_krb5_fast_response(&scratch, &local_resp);
if (retval == 0) {
if (local_resp->nonce != state->nonce) {
retval = KRB5_KDCREP_MODIFIED;
k5_setmsg(context, retval, _("nonce modified in FAST response: "
"KDC response modified"));
}
}
if (retval == 0) {
*response = local_resp;
local_resp = NULL;
}
if (scratch.data)
free(scratch.data);
if (encrypted_response)
krb5_free_enc_data(context, encrypted_response);
if (local_resp)
krb5_free_fast_response(context, local_resp);
return retval;
}
krb5_error_code
krb5int_fast_verify_nego(krb5_context context,
struct krb5int_fast_request_state *state,
krb5_kdc_rep *rep, krb5_data *request,
krb5_keyblock *decrypting_key,
krb5_boolean *fast_avail)
{
krb5_error_code retval = 0;
krb5_checksum *checksum = NULL;
krb5_pa_data *pa;
krb5_data scratch;
krb5_boolean valid;
*fast_avail = FALSE;
if (rep->enc_part2->flags& TKT_FLG_ENC_PA_REP) {
pa = krb5int_find_pa_data(context, rep->enc_part2->enc_padata,
KRB5_ENCPADATA_REQ_ENC_PA_REP);
if (pa == NULL)
retval = KRB5_KDCREP_MODIFIED;
else {
scratch.data = (char *) pa->contents;
scratch.length = pa->length;
}
if (retval == 0)
retval = decode_krb5_checksum(&scratch, &checksum);
if (retval == 0)
retval = krb5_c_verify_checksum(context, decrypting_key,
KRB5_KEYUSAGE_AS_REQ,
request, checksum, &valid);
if (retval == 0 &&valid == 0)
retval = KRB5_KDCREP_MODIFIED;
if (retval == 0) {
pa = krb5int_find_pa_data(context, rep->enc_part2->enc_padata,
KRB5_PADATA_FX_FAST);
*fast_avail = (pa != NULL);
}
}
TRACE_FAST_NEGO(context, *fast_avail);
if (checksum)
krb5_free_checksum(context, checksum);
return retval;
}
/* Return true if there is any overlap between padata types in cpadata
* (from the cookie) and rpadata (from the request). */
static krb5_boolean
is_relevant(krb5_pa_data *const *cpadata, krb5_pa_data *const *rpadata)
{
krb5_pa_data *const *p;
for (p = cpadata; p != NULL && *p != NULL; p++) {
if (krb5int_find_pa_data(NULL, rpadata, (*p)->pa_type) != NULL)
return TRUE;
}
return FALSE;
}
/* If state contains a cookie value for pa_type, set *out to the corresponding
* data and return true. Otherwise set *out to empty and return false. */
krb5_boolean
kdc_fast_search_cookie(struct kdc_request_state *state,
krb5_preauthtype pa_type, krb5_data *out)
{
krb5_pa_data *pa;
pa = krb5int_find_pa_data(NULL, state->in_cookie_padata, pa_type);
if (pa == NULL) {
*out = empty_data();
return FALSE;
} else {
*out = make_data(pa->contents, pa->length);
return TRUE;
}
}
krb5_boolean
krb5int_upgrade_to_fast_p(krb5_context context,
struct krb5int_fast_request_state *state,
krb5_pa_data **padata)
{
if (state->armor_key != NULL)
return FALSE; /* Already using FAST. */
if (!(state->fast_state_flags & KRB5INT_FAST_ARMOR_AVAIL))
return FALSE;
if (krb5int_find_pa_data(context, padata, KRB5_PADATA_FX_FAST) != NULL) {
TRACE_FAST_PADATA_UPGRADE(context);
state->fast_state_flags |= KRB5INT_FAST_DO_FAST;
return TRUE;
}
return FALSE;
}
krb5_error_code
krb5int_process_tgs_reply(krb5_context context,
struct krb5int_fast_request_state *fast_state,
krb5_data *response_data,
krb5_creds *tkt,
krb5_flags kdcoptions,
krb5_address *const *address,
krb5_pa_data **in_padata,
krb5_creds *in_cred,
krb5_timestamp timestamp,
krb5_int32 nonce,
krb5_keyblock *subkey,
krb5_pa_data ***out_padata,
krb5_pa_data ***out_enc_padata,
krb5_creds **out_cred)
{
krb5_error_code retval;
krb5_kdc_rep *dec_rep = NULL;
krb5_error *err_reply = NULL;
krb5_boolean s4u2self;
s4u2self = krb5int_find_pa_data(context, in_padata,
KRB5_PADATA_S4U_X509_USER) ||
krb5int_find_pa_data(context, in_padata,
KRB5_PADATA_FOR_USER);
if (krb5_is_krb_error(response_data)) {
retval = decode_krb5_error(response_data, &err_reply);
if (retval != 0)
goto cleanup;
retval = krb5int_fast_process_error(context, fast_state,
&err_reply, NULL, NULL);
if (retval)
goto cleanup;
retval = (krb5_error_code) err_reply->error + ERROR_TABLE_BASE_krb5;
if (err_reply->text.length > 0) {
switch (err_reply->error) {
case KRB_ERR_GENERIC:
k5_setmsg(context, retval,
_("KDC returned error string: %.*s"),
err_reply->text.length, err_reply->text.data);
break;
case KDC_ERR_S_PRINCIPAL_UNKNOWN:
{
char *s_name;
if (err_reply->server &&
krb5_unparse_name(context, err_reply->server, &s_name) == 0) {
k5_setmsg(context, retval,
_("Server %s not found in Kerberos database"),
s_name);
krb5_free_unparsed_name(context, s_name);
} else
/* In case there's a stale S_PRINCIPAL_UNKNOWN
report already noted. */
krb5_clear_error_message(context);
}
break;
}
}
krb5_free_error(context, err_reply);
goto cleanup;
} else if (!krb5_is_tgs_rep(response_data)) {
retval = KRB5KRB_AP_ERR_MSG_TYPE;
goto cleanup;
}
/* Unfortunately, Heimdal at least up through 1.2 encrypts using
the session key not the subsession key. So we try both. */
retval = krb5int_decode_tgs_rep(context, fast_state, response_data, subkey,
KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY,
&dec_rep);
if (retval) {
TRACE_TGS_REPLY_DECODE_SESSION(context, &tkt->keyblock);
if ((krb5int_decode_tgs_rep(context, fast_state, response_data,
&tkt->keyblock,
KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY, &dec_rep)) == 0)
retval = 0;
else
goto cleanup;
}
if (dec_rep->msg_type != KRB5_TGS_REP) {
retval = KRB5KRB_AP_ERR_MSG_TYPE;
goto cleanup;
}
/*
* Don't trust the ok-as-delegate flag from foreign KDCs unless the
* cross-realm TGT also had the ok-as-delegate flag set.
*/
if (!tgt_is_local_realm(tkt)
&& !(tkt->ticket_flags & TKT_FLG_OK_AS_DELEGATE))
dec_rep->enc_part2->flags &= ~TKT_FLG_OK_AS_DELEGATE;
/* make sure the response hasn't been tampered with..... */
retval = 0;
if (s4u2self && !IS_TGS_PRINC(dec_rep->ticket->server)) {
/* Final hop, check whether KDC supports S4U2Self */
if (krb5_principal_compare(context, dec_rep->client, in_cred->server))
retval = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
} else if ((kdcoptions & KDC_OPT_CNAME_IN_ADDL_TKT) == 0) {
/* XXX for constrained delegation this check must be performed by caller
* as we don't have access to the key to decrypt the evidence ticket.
*/
if (!krb5_principal_compare(context, dec_rep->client, tkt->client))
retval = KRB5_KDCREP_MODIFIED;
}
if (retval == 0)
retval = check_reply_server(context, kdcoptions, in_cred, dec_rep);
if (dec_rep->enc_part2->nonce != nonce)
retval = KRB5_KDCREP_MODIFIED;
if ((kdcoptions & KDC_OPT_POSTDATED) &&
(in_cred->times.starttime != 0) &&
(in_cred->times.starttime != dec_rep->enc_part2->times.starttime))
retval = KRB5_KDCREP_MODIFIED;
if ((in_cred->times.endtime != 0) &&
(dec_rep->enc_part2->times.endtime > in_cred->times.endtime))
retval = KRB5_KDCREP_MODIFIED;
if ((kdcoptions & KDC_OPT_RENEWABLE) &&
(in_cred->times.renew_till != 0) &&
(dec_rep->enc_part2->times.renew_till > in_cred->times.renew_till))
retval = KRB5_KDCREP_MODIFIED;
if ((kdcoptions & KDC_OPT_RENEWABLE_OK) &&
(dec_rep->enc_part2->flags & KDC_OPT_RENEWABLE) &&
(in_cred->times.endtime != 0) &&
(dec_rep->enc_part2->times.renew_till > in_cred->times.endtime))
retval = KRB5_KDCREP_MODIFIED;
if (retval != 0)
goto cleanup;
if (!in_cred->times.starttime &&
!in_clock_skew(dec_rep->enc_part2->times.starttime,
timestamp)) {
retval = KRB5_KDCREP_SKEW;
goto cleanup;
}
if (out_padata != NULL) {
*out_padata = dec_rep->padata;
dec_rep->padata = NULL;
}
if (out_enc_padata != NULL) {
*out_enc_padata = dec_rep->enc_part2->enc_padata;
dec_rep->enc_part2->enc_padata = NULL;
}
retval = kdcrep2creds(context, dec_rep, address,
&in_cred->second_ticket, out_cred);
if (retval != 0)
goto cleanup;
cleanup:
if (dec_rep != NULL) {
memset(dec_rep->enc_part2->session->contents, 0,
dec_rep->enc_part2->session->length);
krb5_free_kdc_rep(context, dec_rep);
}
return retval;
}
/*
* If state contains an armor key and *err_replyptr contains a FAST error,
* decode it and set *err_replyptr to the inner error and *out_padata to the
* padata in the FAST response. Otherwise, leave *err_replyptr alone and set
* *out_padata to the error e_data decoded as pa-data or typed-data, or to NULL
* if it doesn't decode as either. In either case, set *retry to indicate
* whether the client should try to make a follow-up request.
*/
krb5_error_code
krb5int_fast_process_error(krb5_context context,
struct krb5int_fast_request_state *state,
krb5_error **err_replyptr,
krb5_pa_data ***out_padata,
krb5_boolean *retry)
{
krb5_error_code retval = 0;
krb5_error *err_reply = *err_replyptr;
krb5_pa_data *fx_error_pa;
krb5_pa_data **result = NULL;
krb5_data scratch = empty_data();
krb5_error *fx_error = NULL;
krb5_fast_response *fast_response = NULL;
if (out_padata)
*out_padata = NULL;
if (retry)
*retry = 0;
if (state->armor_key) {
retval = decode_krb5_padata_sequence(&err_reply->e_data, &result);
if (retval == 0)
retval = decrypt_fast_reply(context, state, result,
&fast_response);
if (retval) {
/*
* This can happen if the KDC does not understand FAST. We don't
* expect that, but treating it as the fatal error indicated by the
* KDC seems reasonable.
*/
if (retry != NULL)
*retry = 0;
krb5_free_pa_data(context, result);
return 0;
}
if (retval == 0) {
fx_error_pa = krb5int_find_pa_data(context, fast_response->padata,
KRB5_PADATA_FX_ERROR);
if (fx_error_pa == NULL) {
k5_setmsg(context, KRB5KDC_ERR_PREAUTH_FAILED,
_("Expecting FX_ERROR pa-data inside FAST "
"container"));
retval = KRB5KDC_ERR_PREAUTH_FAILED;
}
}
if (retval == 0) {
scratch = make_data(fx_error_pa->contents, fx_error_pa->length);
retval = decode_krb5_error(&scratch, &fx_error);
}
if (retval == 0) {
krb5_free_error(context, err_reply);
*err_replyptr = fx_error;
fx_error = NULL;
if (out_padata) {
*out_padata = fast_response->padata;
fast_response->padata = NULL;
}
/*
* If there is more than the fx_error padata, then we want
* to retry the error if a cookie is present
*/
if (retry != NULL) {
*retry = (*out_padata)[1] != NULL;
if (krb5int_find_pa_data(context, *out_padata,
KRB5_PADATA_FX_COOKIE) == NULL)
*retry = 0;
}
}
} else { /*not FAST*/
/* Possibly retry if there's any e_data to process. */
if (retry)
*retry = (err_reply->e_data.length > 0);
/* Try to decode e_data as pa-data or typed-data for out_padata. */
if (out_padata) {
retval = decode_krb5_padata_sequence(&err_reply->e_data,
out_padata);
if (retval != 0) {
(void)decode_krb5_typed_data(&err_reply->e_data, out_padata);
retval = 0;
}
}
}
krb5_free_pa_data(context, result);
krb5_free_fast_response(context, fast_response);
if (fx_error)
krb5_free_error(context, fx_error);
return retval;
}
/*
* Locate and decode the FAST cookie in req, storing its contents in state for
* later access by preauth modules. If the cookie is expired, return
* KRB5KDC_ERR_PREAUTH_EXPIRED if its contents are relevant to req, and ignore
* it if they aren't.
*/
krb5_error_code
kdc_fast_read_cookie(krb5_context context, struct kdc_request_state *state,
krb5_kdc_req *req, krb5_db_entry *local_tgt)
{
krb5_error_code ret;
krb5_secure_cookie *cookie = NULL;
krb5_timestamp now;
krb5_keyblock *key = NULL;
krb5_enc_data enc;
krb5_pa_data *pa;
krb5_kvno kvno;
krb5_data plain = empty_data();
pa = krb5int_find_pa_data(context, req->padata, KRB5_PADATA_FX_COOKIE);
if (pa == NULL)
return 0;
/* If it's not an MIT version 1 cookie, ignore it. It may be an empty
* "MIT" cookie or a cookie generated by a different KDC implementation. */
if (pa->length <= 8 || memcmp(pa->contents, "MIT1", 4) != 0)
return 0;
/* Extract the kvno and generate the corresponding cookie key. */
kvno = load_32_be(pa->contents + 4);
ret = get_cookie_key(context, local_tgt, kvno, req->client, &key, NULL);
if (ret)
goto cleanup;
/* Decrypt and decode the cookie. */
memset(&enc, 0, sizeof(enc));
enc.enctype = key->enctype;
enc.ciphertext = make_data(pa->contents + 8, pa->length - 8);
ret = alloc_data(&plain, pa->length - 8);
if (ret)
goto cleanup;
ret = krb5_c_decrypt(context, key, KRB5_KEYUSAGE_PA_FX_COOKIE, NULL, &enc,
&plain);
if (ret)
goto cleanup;
ret = decode_krb5_secure_cookie(&plain, &cookie);
if (ret)
goto cleanup;
/* Check if the cookie is expired. */
ret = krb5_timeofday(context, &now);
if (ret)
goto cleanup;
if (now - COOKIE_LIFETIME > cookie->time) {
/* Don't accept the cookie contents. Only return an error if the
* cookie is relevant to the request. */
if (is_relevant(cookie->data, req->padata))
ret = KRB5KDC_ERR_PREAUTH_EXPIRED;
goto cleanup;
}
/* Steal the pa-data list pointer from the cookie and store it in state. */
state->in_cookie_padata = cookie->data;
cookie->data = NULL;
cleanup:
zapfree(plain.data, plain.length);
krb5_free_keyblock(context, key);
k5_free_secure_cookie(context, cookie);
return 0;
}
krb5_error_code
krb5int_fast_prep_req(krb5_context context,
struct krb5int_fast_request_state *state,
krb5_kdc_req *request,
const krb5_data *to_be_checksummed,
kdc_req_encoder_proc encoder,
krb5_data **encoded_request)
{
krb5_error_code retval = 0;
krb5_pa_data *pa_array[2], **pa_tgs_array = NULL;
krb5_pa_data pa[2];
krb5_fast_req fast_req;
krb5_pa_data *tgs = NULL;
krb5_fast_armored_req *armored_req = NULL;
krb5_data *encoded_fast_req = NULL;
krb5_data *encoded_armored_req = NULL;
krb5_data *local_encoded_result = NULL;
int i, j;
assert(state != NULL);
assert(state->fast_outer_request.padata == NULL);
memset(pa_array, 0, sizeof(pa_array));
if (state->armor_key == NULL) {
return encoder(request, encoded_request);
}
TRACE_FAST_ENCODE(context);
state->nonce = request->nonce;
fast_req.req_body = request;
if (fast_req.req_body->padata == NULL) {
fast_req.req_body->padata = calloc(1, sizeof(krb5_pa_data *));
if (fast_req.req_body->padata == NULL)
retval = ENOMEM;
}
fast_req.fast_options = state->fast_options;
if (retval == 0
&& (tgs = krb5int_find_pa_data(context, fast_req.req_body->padata,
KRB5_PADATA_AP_REQ)) != NULL) {
krb5_pa_data **paptr = &fast_req.req_body->padata[0];
for (i = 0, j = 0; paptr[j] != NULL; j++) {
if (paptr[j]->pa_type == KRB5_PADATA_AP_REQ)
paptr[j] = NULL;
else
paptr[i++] = paptr[j];
}
paptr[i] = NULL;
}
if (retval == 0)
retval = encode_krb5_fast_req(&fast_req, &encoded_fast_req);
if (retval == 0) {
armored_req = calloc(1, sizeof(krb5_fast_armored_req));
if (armored_req == NULL)
retval = ENOMEM;
}
if (retval == 0)
armored_req->armor = state->armor;
if (retval ==0)
retval = krb5_c_make_checksum(context, 0, state->armor_key,
KRB5_KEYUSAGE_FAST_REQ_CHKSUM,
to_be_checksummed,
&armored_req->req_checksum);
if (retval == 0)
retval = krb5_encrypt_helper(context, state->armor_key,
KRB5_KEYUSAGE_FAST_ENC, encoded_fast_req,
&armored_req->enc_part);
if (retval == 0)
retval = encode_krb5_pa_fx_fast_request(armored_req,
&encoded_armored_req);
if (retval == 0) {
pa[0].pa_type = KRB5_PADATA_FX_FAST;
pa[0].contents = (unsigned char *) encoded_armored_req->data;
pa[0].length = encoded_armored_req->length;
if (tgs) {
retval = make_tgs_outer_padata(tgs, pa, request->padata,
&pa_tgs_array);
state->fast_outer_request.padata = pa_tgs_array;
} else {
pa_array[0] = &pa[0];
state->fast_outer_request.padata = pa_array;
}
}
if (retval == 0)
retval = encoder(&state->fast_outer_request, &local_encoded_result);
if (retval == 0) {
*encoded_request = local_encoded_result;
local_encoded_result = NULL;
}
if (encoded_armored_req)
krb5_free_data(context, encoded_armored_req);
if (armored_req) {
armored_req->armor = NULL; /*owned by state*/
krb5_free_fast_armored_req(context, armored_req);
}
if (encoded_fast_req)
krb5_free_data(context, encoded_fast_req);
if (local_encoded_result)
krb5_free_data(context, local_encoded_result);
if (tgs) {
free(tgs->contents);
free(tgs);
}
state->fast_outer_request.padata = NULL;
free(pa_tgs_array);
return retval;
}
krb5_error_code
kdc_find_fast(krb5_kdc_req **requestptr,
krb5_data *checksummed_data,
krb5_keyblock *tgs_subkey,
krb5_keyblock *tgs_session,
struct kdc_request_state *state,
krb5_data **inner_body_out)
{
krb5_error_code retval = 0;
krb5_pa_data *fast_padata, *cookie_padata = NULL;
krb5_data scratch, *inner_body = NULL;
krb5_fast_req * fast_req = NULL;
krb5_kdc_req *request = *requestptr;
krb5_fast_armored_req *fast_armored_req = NULL;
krb5_checksum *cksum;
krb5_boolean cksum_valid;
krb5_keyblock empty_keyblock;
kdc_realm_t *kdc_active_realm = state->realm_data;
if (inner_body_out != NULL)
*inner_body_out = NULL;
scratch.data = NULL;
krb5_clear_error_message(kdc_context);
memset(&empty_keyblock, 0, sizeof(krb5_keyblock));
fast_padata = krb5int_find_pa_data(kdc_context,
request->padata, KRB5_PADATA_FX_FAST);
if (fast_padata != NULL){
scratch.length = fast_padata->length;
scratch.data = (char *) fast_padata->contents;
retval = decode_krb5_pa_fx_fast_request(&scratch, &fast_armored_req);
if (retval == 0 &&fast_armored_req->armor) {
switch (fast_armored_req->armor->armor_type) {
case KRB5_FAST_ARMOR_AP_REQUEST:
if (tgs_subkey) {
retval = KRB5KDC_ERR_PREAUTH_FAILED;
krb5_set_error_message(kdc_context, retval,
_("Ap-request armor not permitted "
"with TGS"));
break;
}
retval = armor_ap_request(state, fast_armored_req->armor);
break;
default:
krb5_set_error_message(kdc_context, KRB5KDC_ERR_PREAUTH_FAILED,
_("Unknown FAST armor type %d"),
fast_armored_req->armor->armor_type);
retval = KRB5KDC_ERR_PREAUTH_FAILED;
}
}
if (retval == 0 && !state->armor_key) {
if (tgs_subkey)
retval = krb5_c_fx_cf2_simple(kdc_context,
tgs_subkey, "subkeyarmor",
tgs_session, "ticketarmor",
&state->armor_key);
else {
retval = KRB5KDC_ERR_PREAUTH_FAILED;
krb5_set_error_message(kdc_context, retval,
_("No armor key but FAST armored "
"request present"));
}
}
if (retval == 0) {
krb5_data plaintext;
plaintext.length = fast_armored_req->enc_part.ciphertext.length;
plaintext.data = malloc(plaintext.length);
if (plaintext.data == NULL)
retval = ENOMEM;
retval = krb5_c_decrypt(kdc_context,
state->armor_key,
KRB5_KEYUSAGE_FAST_ENC, NULL,
&fast_armored_req->enc_part,
&plaintext);
if (retval == 0)
retval = decode_krb5_fast_req(&plaintext, &fast_req);
if (retval == 0 && inner_body_out != NULL) {
retval = fetch_asn1_field((unsigned char *)plaintext.data,
1, 2, &scratch);
if (retval == 0) {
retval = krb5_copy_data(kdc_context, &scratch,
&inner_body);
}
}
if (plaintext.data)
free(plaintext.data);
}
cksum = &fast_armored_req->req_checksum;
if (retval == 0)
retval = krb5_c_verify_checksum(kdc_context, state->armor_key,
KRB5_KEYUSAGE_FAST_REQ_CHKSUM,
checksummed_data, cksum,
&cksum_valid);
if (retval == 0 && !cksum_valid) {
retval = KRB5KRB_AP_ERR_MODIFIED;
krb5_set_error_message(kdc_context, retval,
_("FAST req_checksum invalid; request "
"modified"));
}
if (retval == 0) {
if (!krb5_c_is_keyed_cksum(cksum->checksum_type)) {
retval = KRB5KDC_ERR_POLICY;
krb5_set_error_message(kdc_context, retval,
_("Unkeyed checksum used in fast_req"));
}
}
if (retval == 0) {
if ((fast_req->fast_options & UNSUPPORTED_CRITICAL_FAST_OPTIONS) != 0)
retval = KRB5KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTION;
}
if (retval == 0)
cookie_padata = krb5int_find_pa_data(kdc_context,
fast_req->req_body->padata,
KRB5_PADATA_FX_COOKIE);
if (retval == 0) {
state->fast_options = fast_req->fast_options;
krb5_free_kdc_req( kdc_context, request);
*requestptr = fast_req->req_body;
fast_req->req_body = NULL;
}
}
else {
cookie_padata = krb5int_find_pa_data(kdc_context,
request->padata,
KRB5_PADATA_FX_COOKIE);
}
if (retval == 0 && cookie_padata != NULL) {
krb5_pa_data *new_padata = malloc(sizeof (krb5_pa_data));
if (new_padata == NULL) {
retval = ENOMEM;
} else {
new_padata->pa_type = KRB5_PADATA_FX_COOKIE;
new_padata->length = cookie_padata->length;
new_padata->contents = malloc(new_padata->length);
if (new_padata->contents == NULL) {
retval = ENOMEM;
free(new_padata);
} else {
memcpy(new_padata->contents, cookie_padata->contents,
new_padata->length);
state->cookie = new_padata;
}
}
}
if (retval == 0 && inner_body_out != NULL) {
*inner_body_out = inner_body;
inner_body = NULL;
}
krb5_free_data(kdc_context, inner_body);
if (fast_req)
krb5_free_fast_req( kdc_context, fast_req);
if (fast_armored_req)
krb5_free_fast_armored_req(kdc_context, fast_armored_req);
return retval;
}
/*ARGSUSED*/
krb5_error_code
process_tgs_req(struct server_handle *handle, krb5_data *pkt,
const krb5_fulladdr *from, krb5_data **response)
{
krb5_keyblock * subkey = 0;
krb5_keyblock *header_key = NULL;
krb5_kdc_req *request = 0;
krb5_db_entry *server = NULL;
krb5_db_entry *stkt_server = NULL;
krb5_kdc_rep reply;
krb5_enc_kdc_rep_part reply_encpart;
krb5_ticket ticket_reply, *header_ticket = 0;
int st_idx = 0;
krb5_enc_tkt_part enc_tkt_reply;
int newtransited = 0;
krb5_error_code retval = 0;
krb5_keyblock encrypting_key;
krb5_timestamp kdc_time, authtime = 0;
krb5_keyblock session_key;
krb5_keyblock *reply_key = NULL;
krb5_key_data *server_key;
krb5_principal cprinc = NULL, sprinc = NULL, altcprinc = NULL;
krb5_last_req_entry *nolrarray[2], nolrentry;
int errcode;
const char *status = 0;
krb5_enc_tkt_part *header_enc_tkt = NULL; /* TGT */
krb5_enc_tkt_part *subject_tkt = NULL; /* TGT or evidence ticket */
krb5_db_entry *client = NULL, *header_server = NULL;
krb5_db_entry *local_tgt, *local_tgt_storage = NULL;
krb5_pa_s4u_x509_user *s4u_x509_user = NULL; /* protocol transition request */
krb5_authdata **kdc_issued_auth_data = NULL; /* auth data issued by KDC */
unsigned int c_flags = 0, s_flags = 0; /* client/server KDB flags */
krb5_boolean is_referral;
const char *emsg = NULL;
krb5_kvno ticket_kvno = 0;
struct kdc_request_state *state = NULL;
krb5_pa_data *pa_tgs_req; /*points into request*/
krb5_data scratch;
krb5_pa_data **e_data = NULL;
kdc_realm_t *kdc_active_realm = NULL;
krb5_audit_state *au_state = NULL;
krb5_data **auth_indicators = NULL;
memset(&reply, 0, sizeof(reply));
memset(&reply_encpart, 0, sizeof(reply_encpart));
memset(&ticket_reply, 0, sizeof(ticket_reply));
memset(&enc_tkt_reply, 0, sizeof(enc_tkt_reply));
session_key.contents = NULL;
retval = decode_krb5_tgs_req(pkt, &request);
if (retval)
return retval;
/* Save pointer to client-requested service principal, in case of
* errors before a successful call to search_sprinc(). */
sprinc = request->server;
if (request->msg_type != KRB5_TGS_REQ) {
krb5_free_kdc_req(handle->kdc_err_context, request);
return KRB5_BADMSGTYPE;
}
/*
* setup_server_realm() sets up the global realm-specific data pointer.
*/
kdc_active_realm = setup_server_realm(handle, request->server);
if (kdc_active_realm == NULL) {
krb5_free_kdc_req(handle->kdc_err_context, request);
return KRB5KDC_ERR_WRONG_REALM;
}
errcode = kdc_make_rstate(kdc_active_realm, &state);
if (errcode !=0) {
krb5_free_kdc_req(handle->kdc_err_context, request);
return errcode;
}
/* Initialize audit state. */
errcode = kau_init_kdc_req(kdc_context, request, from, &au_state);
if (errcode) {
krb5_free_kdc_req(handle->kdc_err_context, request);
return errcode;
}
/* Seed the audit trail with the request ID and basic information. */
kau_tgs_req(kdc_context, TRUE, au_state);
errcode = kdc_process_tgs_req(kdc_active_realm,
request, from, pkt, &header_ticket,
&header_server, &header_key, &subkey,
&pa_tgs_req);
if (header_ticket && header_ticket->enc_part2)
cprinc = header_ticket->enc_part2->client;
if (errcode) {
status = "PROCESS_TGS";
goto cleanup;
}
if (!header_ticket) {
errcode = KRB5_NO_TKT_SUPPLIED; /* XXX? */
status="UNEXPECTED NULL in header_ticket";
goto cleanup;
}
errcode = kau_make_tkt_id(kdc_context, header_ticket,
&au_state->tkt_in_id);
if (errcode) {
status = "GENERATE_TICKET_ID";
goto cleanup;
}
scratch.length = pa_tgs_req->length;
scratch.data = (char *) pa_tgs_req->contents;
errcode = kdc_find_fast(&request, &scratch, subkey,
header_ticket->enc_part2->session, state, NULL);
/* Reset sprinc because kdc_find_fast() can replace request. */
sprinc = request->server;
if (errcode !=0) {
status = "FIND_FAST";
goto cleanup;
}
errcode = get_local_tgt(kdc_context, &sprinc->realm, header_server,
&local_tgt, &local_tgt_storage);
if (errcode) {
status = "GET_LOCAL_TGT";
goto cleanup;
}
/* Ignore (for now) the request modification due to FAST processing. */
au_state->request = request;
/*
* Pointer to the encrypted part of the header ticket, which may be
* replaced to point to the encrypted part of the evidence ticket
* if constrained delegation is used. This simplifies the number of
* special cases for constrained delegation.
*/
header_enc_tkt = header_ticket->enc_part2;
/*
* We've already dealt with the AP_REQ authentication, so we can
* use header_ticket freely. The encrypted part (if any) has been
* decrypted with the session key.
*/
au_state->stage = SRVC_PRINC;
/* XXX make sure server here has the proper realm...taken from AP_REQ
header? */
setflag(s_flags, KRB5_KDB_FLAG_ALIAS_OK);
if (isflagset(request->kdc_options, KDC_OPT_CANONICALIZE)) {
setflag(c_flags, KRB5_KDB_FLAG_CANONICALIZE);
setflag(s_flags, KRB5_KDB_FLAG_CANONICALIZE);
}
errcode = search_sprinc(kdc_active_realm, request, s_flags, &server,
&status);
if (errcode != 0)
goto cleanup;
sprinc = server->princ;
/* If we got a cross-realm TGS which is not the requested server, we are
* issuing a referral (or alternate TGT, which we treat similarly). */
is_referral = is_cross_tgs_principal(server->princ) &&
!krb5_principal_compare(kdc_context, request->server, server->princ);
au_state->stage = VALIDATE_POL;
if ((errcode = krb5_timeofday(kdc_context, &kdc_time))) {
status = "TIME_OF_DAY";
goto cleanup;
}
if ((retval = validate_tgs_request(kdc_active_realm,
request, *server, header_ticket,
kdc_time, &status, &e_data))) {
if (!status)
status = "UNKNOWN_REASON";
if (retval == KDC_ERR_POLICY || retval == KDC_ERR_BADOPTION)
au_state->violation = PROT_CONSTRAINT;
errcode = retval + ERROR_TABLE_BASE_krb5;
goto cleanup;
}
if (!is_local_principal(kdc_active_realm, header_enc_tkt->client))
setflag(c_flags, KRB5_KDB_FLAG_CROSS_REALM);
/* Check for protocol transition */
errcode = kdc_process_s4u2self_req(kdc_active_realm,
request,
header_enc_tkt->client,
server,
subkey,
header_enc_tkt->session,
kdc_time,
&s4u_x509_user,
&client,
&status);
if (s4u_x509_user != NULL || errcode != 0) {
if (s4u_x509_user != NULL)
au_state->s4u2self_user = s4u_x509_user->user_id.user;
if (errcode == KDC_ERR_POLICY || errcode == KDC_ERR_BADOPTION)
au_state->violation = PROT_CONSTRAINT;
au_state->status = status;
kau_s4u2self(kdc_context, errcode ? FALSE : TRUE, au_state);
au_state->s4u2self_user = NULL;
}
if (errcode)
goto cleanup;
if (s4u_x509_user != NULL) {
setflag(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION);
if (is_referral) {
/* The requesting server appears to no longer exist, and we found
* a referral instead. Treat this as a server lookup failure. */
errcode = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
status = "LOOKING_UP_SERVER";
goto cleanup;
}
}
/* Deal with user-to-user and constrained delegation */
errcode = decrypt_2ndtkt(kdc_active_realm, request, c_flags,
&stkt_server, &status);
if (errcode)
goto cleanup;
if (isflagset(request->kdc_options, KDC_OPT_CNAME_IN_ADDL_TKT)) {
/* Do constrained delegation protocol and authorization checks */
errcode = kdc_process_s4u2proxy_req(kdc_active_realm,
request,
request->second_ticket[st_idx]->enc_part2,
stkt_server,
header_ticket->enc_part2->client,
request->server,
&status);
if (errcode == KDC_ERR_POLICY || errcode == KDC_ERR_BADOPTION)
au_state->violation = PROT_CONSTRAINT;
else if (errcode)
au_state->violation = LOCAL_POLICY;
au_state->status = status;
retval = kau_make_tkt_id(kdc_context, request->second_ticket[st_idx],
&au_state->evid_tkt_id);
if (retval) {
status = "GENERATE_TICKET_ID";
errcode = retval;
goto cleanup;
}
kau_s4u2proxy(kdc_context, errcode ? FALSE : TRUE, au_state);
if (errcode)
goto cleanup;
setflag(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION);
assert(krb5_is_tgs_principal(header_ticket->server));
assert(client == NULL); /* assured by kdc_process_s4u2self_req() */
client = stkt_server;
stkt_server = NULL;
} else if (request->kdc_options & KDC_OPT_ENC_TKT_IN_SKEY) {
krb5_db_free_principal(kdc_context, stkt_server);
stkt_server = NULL;
} else
assert(stkt_server == NULL);
au_state->stage = ISSUE_TKT;
errcode = gen_session_key(kdc_active_realm, request, server, &session_key,
&status);
if (errcode)
goto cleanup;
/*
* subject_tkt will refer to the evidence ticket (for constrained
* delegation) or the TGT. The distinction from header_enc_tkt is
* necessary because the TGS signature only protects some fields:
* the others could be forged by a malicious server.
*/
if (isflagset(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION))
subject_tkt = request->second_ticket[st_idx]->enc_part2;
else
subject_tkt = header_enc_tkt;
authtime = subject_tkt->times.authtime;
/* Extract auth indicators from the subject ticket, except for S4U2Proxy
* requests (where the client didn't authenticate). */
if (s4u_x509_user == NULL) {
errcode = get_auth_indicators(kdc_context, subject_tkt, local_tgt,
&auth_indicators);
if (errcode) {
status = "GET_AUTH_INDICATORS";
goto cleanup;
}
}
errcode = check_indicators(kdc_context, server, auth_indicators);
if (errcode) {
status = "HIGHER_AUTHENTICATION_REQUIRED";
goto cleanup;
}
if (is_referral)
ticket_reply.server = server->princ;
else
ticket_reply.server = request->server; /* XXX careful for realm... */
enc_tkt_reply.flags = OPTS2FLAGS(request->kdc_options);
enc_tkt_reply.flags |= COPY_TKT_FLAGS(header_enc_tkt->flags);
enc_tkt_reply.times.starttime = 0;
if (isflagset(server->attributes, KRB5_KDB_OK_AS_DELEGATE))
setflag(enc_tkt_reply.flags, TKT_FLG_OK_AS_DELEGATE);
/* Indicate support for encrypted padata (RFC 6806). */
setflag(enc_tkt_reply.flags, TKT_FLG_ENC_PA_REP);
/* don't use new addresses unless forwarded, see below */
enc_tkt_reply.caddrs = header_enc_tkt->caddrs;
/* noaddrarray[0] = 0; */
reply_encpart.caddrs = 0;/* optional...don't put it in */
reply_encpart.enc_padata = NULL;
/*
* It should be noted that local policy may affect the
* processing of any of these flags. For example, some
* realms may refuse to issue renewable tickets
*/
if (isflagset(request->kdc_options, KDC_OPT_FORWARDABLE)) {
if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION)) {
/*
* If S4U2Self principal is not forwardable, then mark ticket as
* unforwardable. This behaviour matches Windows, but it is
* different to the MIT AS-REQ path, which returns an error
* (KDC_ERR_POLICY) if forwardable tickets cannot be issued.
*
* Consider this block the S4U2Self equivalent to
* validate_forwardable().
*/
if (client != NULL &&
isflagset(client->attributes, KRB5_KDB_DISALLOW_FORWARDABLE))
clear(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE);
/*
* Forwardable flag is propagated along referral path.
*/
else if (!isflagset(header_enc_tkt->flags, TKT_FLG_FORWARDABLE))
clear(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE);
/*
* OK_TO_AUTH_AS_DELEGATE must be set on the service requesting
* S4U2Self in order for forwardable tickets to be returned.
*/
else if (!is_referral &&
!isflagset(server->attributes,
KRB5_KDB_OK_TO_AUTH_AS_DELEGATE))
clear(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE);
}
}
if (isflagset(request->kdc_options, KDC_OPT_FORWARDED) ||
isflagset(request->kdc_options, KDC_OPT_PROXY)) {
/* include new addresses in ticket & reply */
enc_tkt_reply.caddrs = request->addresses;
reply_encpart.caddrs = request->addresses;
}
/* We don't currently handle issuing anonymous tickets based on
* non-anonymous ones, so just ignore the option. */
if (isflagset(request->kdc_options, KDC_OPT_REQUEST_ANONYMOUS) &&
!isflagset(header_enc_tkt->flags, TKT_FLG_ANONYMOUS))
clear(enc_tkt_reply.flags, TKT_FLG_ANONYMOUS);
if (isflagset(request->kdc_options, KDC_OPT_POSTDATED)) {
setflag(enc_tkt_reply.flags, TKT_FLG_INVALID);
enc_tkt_reply.times.starttime = request->from;
} else
enc_tkt_reply.times.starttime = kdc_time;
if (isflagset(request->kdc_options, KDC_OPT_VALIDATE)) {
assert(isflagset(c_flags, KRB5_KDB_FLAGS_S4U) == 0);
/* BEWARE of allocation hanging off of ticket & enc_part2, it belongs
to the caller */
ticket_reply = *(header_ticket);
enc_tkt_reply = *(header_ticket->enc_part2);
enc_tkt_reply.authorization_data = NULL;
clear(enc_tkt_reply.flags, TKT_FLG_INVALID);
}
if (isflagset(request->kdc_options, KDC_OPT_RENEW)) {
krb5_timestamp old_starttime;
krb5_deltat old_life;
assert(isflagset(c_flags, KRB5_KDB_FLAGS_S4U) == 0);
/* BEWARE of allocation hanging off of ticket & enc_part2, it belongs
to the caller */
ticket_reply = *(header_ticket);
enc_tkt_reply = *(header_ticket->enc_part2);
enc_tkt_reply.authorization_data = NULL;
old_starttime = enc_tkt_reply.times.starttime ?
enc_tkt_reply.times.starttime : enc_tkt_reply.times.authtime;
old_life = enc_tkt_reply.times.endtime - old_starttime;
enc_tkt_reply.times.starttime = kdc_time;
enc_tkt_reply.times.endtime =
min(header_ticket->enc_part2->times.renew_till,
kdc_time + old_life);
} else {
/* not a renew request */
enc_tkt_reply.times.starttime = kdc_time;
kdc_get_ticket_endtime(kdc_active_realm, enc_tkt_reply.times.starttime,
header_enc_tkt->times.endtime, request->till,
client, server, &enc_tkt_reply.times.endtime);
}
kdc_get_ticket_renewtime(kdc_active_realm, request, header_enc_tkt, client,
server, &enc_tkt_reply);
/*
* Set authtime to be the same as header or evidence ticket's
*/
enc_tkt_reply.times.authtime = authtime;
/* starttime is optional, and treated as authtime if not present.
so we can nuke it if it matches */
if (enc_tkt_reply.times.starttime == enc_tkt_reply.times.authtime)
enc_tkt_reply.times.starttime = 0;
if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION)) {
altcprinc = s4u_x509_user->user_id.user;
} else if (isflagset(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION)) {
altcprinc = subject_tkt->client;
} else {
altcprinc = NULL;
}
if (isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY)) {
krb5_enc_tkt_part *t2enc = request->second_ticket[st_idx]->enc_part2;
encrypting_key = *(t2enc->session);
} else {
/*
* Find the server key
*/
if ((errcode = krb5_dbe_find_enctype(kdc_context, server,
-1, /* ignore keytype */
-1, /* Ignore salttype */
0, /* Get highest kvno */
&server_key))) {
status = "FINDING_SERVER_KEY";
goto cleanup;
}
/*
* Convert server.key into a real key
* (it may be encrypted in the database)
*/
if ((errcode = krb5_dbe_decrypt_key_data(kdc_context, NULL,
server_key, &encrypting_key,
NULL))) {
status = "DECRYPT_SERVER_KEY";
goto cleanup;
}
}
if (isflagset(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION)) {
/*
* Don't allow authorization data to be disabled if constrained
* delegation is requested. We don't want to deny the server
* the ability to validate that delegation was used.
*/
clear(server->attributes, KRB5_KDB_NO_AUTH_DATA_REQUIRED);
}
if (isflagset(server->attributes, KRB5_KDB_NO_AUTH_DATA_REQUIRED) == 0) {
/*
* If we are not doing protocol transition/constrained delegation
* try to lookup the client principal so plugins can add additional
* authorization information.
*
* Always validate authorization data for constrained delegation
* because we must validate the KDC signatures.
*/
if (!isflagset(c_flags, KRB5_KDB_FLAGS_S4U)) {
/* Generate authorization data so we can include it in ticket */
setflag(c_flags, KRB5_KDB_FLAG_INCLUDE_PAC);
/* Map principals from foreign (possibly non-AD) realms */
setflag(c_flags, KRB5_KDB_FLAG_MAP_PRINCIPALS);
assert(client == NULL); /* should not have been set already */
errcode = krb5_db_get_principal(kdc_context, subject_tkt->client,
c_flags, &client);
}
}
if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION) &&
!isflagset(c_flags, KRB5_KDB_FLAG_CROSS_REALM))
enc_tkt_reply.client = s4u_x509_user->user_id.user;
else
enc_tkt_reply.client = subject_tkt->client;
enc_tkt_reply.session = &session_key;
enc_tkt_reply.transited.tr_type = KRB5_DOMAIN_X500_COMPRESS;
enc_tkt_reply.transited.tr_contents = empty_string; /* equivalent of "" */
/*
* Only add the realm of the presented tgt to the transited list if
* it is different than the local realm (cross-realm) and it is different
* than the realm of the client (since the realm of the client is already
* implicitly part of the transited list and should not be explicitly
* listed).
*/
/* realm compare is like strcmp, but knows how to deal with these args */
if (krb5_realm_compare(kdc_context, header_ticket->server, tgs_server) ||
krb5_realm_compare(kdc_context, header_ticket->server,
enc_tkt_reply.client)) {
/* tgt issued by local realm or issued by realm of client */
enc_tkt_reply.transited = header_enc_tkt->transited;
} else {
/* tgt issued by some other realm and not the realm of the client */
/* assemble new transited field into allocated storage */
if (header_enc_tkt->transited.tr_type !=
KRB5_DOMAIN_X500_COMPRESS) {
status = "VALIDATE_TRANSIT_TYPE";
errcode = KRB5KDC_ERR_TRTYPE_NOSUPP;
goto cleanup;
}
memset(&enc_tkt_reply.transited, 0, sizeof(enc_tkt_reply.transited));
enc_tkt_reply.transited.tr_type = KRB5_DOMAIN_X500_COMPRESS;
if ((errcode =
add_to_transited(&header_enc_tkt->transited.tr_contents,
&enc_tkt_reply.transited.tr_contents,
header_ticket->server,
enc_tkt_reply.client,
request->server))) {
status = "ADD_TO_TRANSITED_LIST";
goto cleanup;
}
newtransited = 1;
}
if (isflagset(c_flags, KRB5_KDB_FLAG_CROSS_REALM)) {
errcode = validate_transit_path(kdc_context, header_enc_tkt->client,
server, header_server);
if (errcode) {
status = "NON_TRANSITIVE";
goto cleanup;
}
}
if (!isflagset (request->kdc_options, KDC_OPT_DISABLE_TRANSITED_CHECK)) {
errcode = kdc_check_transited_list (kdc_active_realm,
&enc_tkt_reply.transited.tr_contents,
krb5_princ_realm (kdc_context, header_enc_tkt->client),
krb5_princ_realm (kdc_context, request->server));
if (errcode == 0) {
setflag (enc_tkt_reply.flags, TKT_FLG_TRANSIT_POLICY_CHECKED);
} else {
log_tgs_badtrans(kdc_context, cprinc, sprinc,
&enc_tkt_reply.transited.tr_contents, errcode);
}
} else
krb5_klog_syslog(LOG_INFO, _("not checking transit path"));
if (kdc_active_realm->realm_reject_bad_transit &&
!isflagset(enc_tkt_reply.flags, TKT_FLG_TRANSIT_POLICY_CHECKED)) {
errcode = KRB5KDC_ERR_POLICY;
status = "BAD_TRANSIT";
au_state->violation = LOCAL_POLICY;
goto cleanup;
}
errcode = handle_authdata(kdc_context, c_flags, client, server,
header_server, local_tgt,
subkey != NULL ? subkey :
header_ticket->enc_part2->session,
&encrypting_key, /* U2U or server key */
header_key,
pkt,
request,
s4u_x509_user ?
s4u_x509_user->user_id.user : NULL,
subject_tkt,
auth_indicators,
&enc_tkt_reply);
if (errcode) {
krb5_klog_syslog(LOG_INFO, _("TGS_REQ : handle_authdata (%d)"),
errcode);
status = "HANDLE_AUTHDATA";
goto cleanup;
}
ticket_reply.enc_part2 = &enc_tkt_reply;
/*
* If we are doing user-to-user authentication, then make sure
* that the client for the second ticket matches the request
* server, and then encrypt the ticket using the session key of
* the second ticket.
*/
if (isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY)) {
/*
* Make sure the client for the second ticket matches
* requested server.
*/
krb5_enc_tkt_part *t2enc = request->second_ticket[st_idx]->enc_part2;
krb5_principal client2 = t2enc->client;
if (!krb5_principal_compare(kdc_context, request->server, client2)) {
altcprinc = client2;
errcode = KRB5KDC_ERR_SERVER_NOMATCH;
status = "2ND_TKT_MISMATCH";
au_state->status = status;
kau_u2u(kdc_context, FALSE, au_state);
goto cleanup;
}
ticket_kvno = 0;
ticket_reply.enc_part.enctype = t2enc->session->enctype;
kau_u2u(kdc_context, TRUE, au_state);
st_idx++;
} else {
ticket_kvno = server_key->key_data_kvno;
}
errcode = krb5_encrypt_tkt_part(kdc_context, &encrypting_key,
&ticket_reply);
if (!isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY))
krb5_free_keyblock_contents(kdc_context, &encrypting_key);
if (errcode) {
status = "ENCRYPT_TICKET";
goto cleanup;
}
ticket_reply.enc_part.kvno = ticket_kvno;
/* Start assembling the response */
au_state->stage = ENCR_REP;
reply.msg_type = KRB5_TGS_REP;
if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION) &&
krb5int_find_pa_data(kdc_context, request->padata,
KRB5_PADATA_S4U_X509_USER) != NULL) {
errcode = kdc_make_s4u2self_rep(kdc_context,
subkey,
header_ticket->enc_part2->session,
s4u_x509_user,
&reply,
&reply_encpart);
if (errcode) {
status = "MAKE_S4U2SELF_PADATA";
au_state->status = status;
}
kau_s4u2self(kdc_context, errcode ? FALSE : TRUE, au_state);
if (errcode)
goto cleanup;
}
reply.client = enc_tkt_reply.client;
reply.enc_part.kvno = 0;/* We are using the session key */
reply.ticket = &ticket_reply;
reply_encpart.session = &session_key;
reply_encpart.nonce = request->nonce;
/* copy the time fields */
reply_encpart.times = enc_tkt_reply.times;
nolrentry.lr_type = KRB5_LRQ_NONE;
nolrentry.value = 0;
nolrentry.magic = 0;
nolrarray[0] = &nolrentry;
nolrarray[1] = 0;
reply_encpart.last_req = nolrarray; /* not available for TGS reqs */
reply_encpart.key_exp = 0;/* ditto */
reply_encpart.flags = enc_tkt_reply.flags;
reply_encpart.server = ticket_reply.server;
/* use the session key in the ticket, unless there's a subsession key
in the AP_REQ */
reply.enc_part.enctype = subkey ? subkey->enctype :
header_ticket->enc_part2->session->enctype;
errcode = kdc_fast_response_handle_padata(state, request, &reply,
subkey ? subkey->enctype : header_ticket->enc_part2->session->enctype);
if (errcode !=0 ) {
status = "MAKE_FAST_RESPONSE";
goto cleanup;
}
errcode =kdc_fast_handle_reply_key(state,
subkey?subkey:header_ticket->enc_part2->session, &reply_key);
if (errcode) {
status = "MAKE_FAST_REPLY_KEY";
goto cleanup;
}
errcode = return_enc_padata(kdc_context, pkt, request,
reply_key, server, &reply_encpart,
is_referral &&
isflagset(s_flags,
KRB5_KDB_FLAG_CANONICALIZE));
if (errcode) {
status = "KDC_RETURN_ENC_PADATA";
goto cleanup;
}
errcode = kau_make_tkt_id(kdc_context, &ticket_reply, &au_state->tkt_out_id);
if (errcode) {
status = "GENERATE_TICKET_ID";
goto cleanup;
}
if (kdc_fast_hide_client(state))
reply.client = (krb5_principal)krb5_anonymous_principal();
errcode = krb5_encode_kdc_rep(kdc_context, KRB5_TGS_REP, &reply_encpart,
subkey ? 1 : 0,
reply_key,
&reply, response);
if (errcode) {
status = "ENCODE_KDC_REP";
} else {
status = "ISSUE";
}
memset(ticket_reply.enc_part.ciphertext.data, 0,
ticket_reply.enc_part.ciphertext.length);
free(ticket_reply.enc_part.ciphertext.data);
/* these parts are left on as a courtesy from krb5_encode_kdc_rep so we
can use them in raw form if needed. But, we don't... */
memset(reply.enc_part.ciphertext.data, 0,
reply.enc_part.ciphertext.length);
free(reply.enc_part.ciphertext.data);
cleanup:
assert(status != NULL);
if (reply_key)
krb5_free_keyblock(kdc_context, reply_key);
if (errcode)
emsg = krb5_get_error_message (kdc_context, errcode);
au_state->status = status;
if (!errcode)
au_state->reply = &reply;
kau_tgs_req(kdc_context, errcode ? FALSE : TRUE, au_state);
kau_free_kdc_req(au_state);
log_tgs_req(kdc_context, from, request, &reply, cprinc,
sprinc, altcprinc, authtime,
c_flags, status, errcode, emsg);
if (errcode) {
krb5_free_error_message (kdc_context, emsg);
emsg = NULL;
}
if (errcode) {
int got_err = 0;
if (status == 0) {
status = krb5_get_error_message (kdc_context, errcode);
got_err = 1;
}
errcode -= ERROR_TABLE_BASE_krb5;
if (errcode < 0 || errcode > KRB_ERR_MAX)
errcode = KRB_ERR_GENERIC;
retval = prepare_error_tgs(state, request, header_ticket, errcode,
(server != NULL) ? server->princ : NULL,
response, status, e_data);
if (got_err) {
krb5_free_error_message (kdc_context, status);
status = 0;
}
}
if (header_ticket != NULL)
krb5_free_ticket(kdc_context, header_ticket);
if (request != NULL)
krb5_free_kdc_req(kdc_context, request);
if (state)
kdc_free_rstate(state);
krb5_db_free_principal(kdc_context, server);
krb5_db_free_principal(kdc_context, header_server);
krb5_db_free_principal(kdc_context, client);
krb5_db_free_principal(kdc_context, local_tgt_storage);
if (session_key.contents != NULL)
krb5_free_keyblock_contents(kdc_context, &session_key);
if (newtransited)
free(enc_tkt_reply.transited.tr_contents.data);
if (s4u_x509_user != NULL)
krb5_free_pa_s4u_x509_user(kdc_context, s4u_x509_user);
if (kdc_issued_auth_data != NULL)
krb5_free_authdata(kdc_context, kdc_issued_auth_data);
if (subkey != NULL)
krb5_free_keyblock(kdc_context, subkey);
if (header_key != NULL)
krb5_free_keyblock(kdc_context, header_key);
if (reply.padata)
krb5_free_pa_data(kdc_context, reply.padata);
if (reply_encpart.enc_padata)
krb5_free_pa_data(kdc_context, reply_encpart.enc_padata);
if (enc_tkt_reply.authorization_data != NULL)
krb5_free_authdata(kdc_context, enc_tkt_reply.authorization_data);
krb5_free_pa_data(kdc_context, e_data);
k5_free_data_ptr_list(auth_indicators);
return retval;
}
/*
* FAST separates two concepts: the set of padata we're using to
* decide what pre-auth mechanisms to use and the set of padata we're
* making available to mechanisms in order for them to respond to an
* error. The plugin interface in March 2009 does not permit
* separating these concepts for the plugins. This function makes
* both available for future revisions to the plugin interface. It
* also re-encodes the padata from the current error as a encoded
* typed-data and puts that in the e_data field. That will allow
* existing plugins with the old interface to find the error data.
* The output parameter out_padata contains the padata from the error
* whenever padata is available (all the time with fast).
*/
krb5_error_code
krb5int_fast_process_error(krb5_context context,
struct krb5int_fast_request_state *state,
krb5_error **err_replyptr,
krb5_pa_data ***out_padata,
krb5_boolean *retry)
{
krb5_error_code retval = 0;
krb5_error *err_reply = *err_replyptr;
*out_padata = NULL;
*retry = 0;
if (state->armor_key) {
krb5_pa_data *fx_error_pa;
krb5_pa_data **result = NULL;
krb5_data scratch, *encoded_td = NULL;
krb5_error *fx_error = NULL;
krb5_fast_response *fast_response = NULL;
retval = decode_krb5_padata_sequence(&err_reply->e_data, &result);
if (retval == 0)
retval = decrypt_fast_reply(context, state, result,
&fast_response);
if (retval) {
/*
* This can happen if the KDC does not understand FAST. We don't
* expect that, but treating it as the fatal error indicated by the
* KDC seems reasonable.
*/
*retry = 0;
krb5_free_pa_data(context, result);
return 0;
}
krb5_free_pa_data(context, result);
result = NULL;
if (retval == 0) {
fx_error_pa = krb5int_find_pa_data(context, fast_response->padata,
KRB5_PADATA_FX_ERROR);
if (fx_error_pa == NULL) {
krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
"Expecting FX_ERROR pa-data inside "
"FAST container");
retval = KRB5KDC_ERR_PREAUTH_FAILED;
}
}
if (retval == 0) {
scratch.data = (char *) fx_error_pa->contents;
scratch.length = fx_error_pa->length;
retval = decode_krb5_error(&scratch, &fx_error);
}
/*
* krb5_pa_data and krb5_typed_data are safe to cast between:
* they have the same type fields in the same order.
* (krb5_preauthtype is a krb5_int32). If krb5_typed_data is
* ever changed then this will need to be a copy not a cast.
*/
if (retval == 0)
retval = encode_krb5_typed_data((const krb5_typed_data **)
fast_response->padata,
&encoded_td);
if (retval == 0) {
fx_error->e_data = *encoded_td;
free(encoded_td); /*contents owned by fx_error*/
encoded_td = NULL;
krb5_free_error(context, err_reply);
*err_replyptr = fx_error;
fx_error = NULL;
*out_padata = fast_response->padata;
fast_response->padata = NULL;
/*
* If there is more than the fx_error padata, then we want
* to retry the error if a cookie is present
*/
*retry = (*out_padata)[1] != NULL;
if (krb5int_find_pa_data(context, *out_padata,
KRB5_PADATA_FX_COOKIE) == NULL)
*retry = 0;
}
if (fx_error)
krb5_free_error(context, fx_error);
krb5_free_fast_response(context, fast_response);
} else { /*not FAST*/
*retry = (err_reply->e_data.length > 0);
if ((err_reply->error == KDC_ERR_PREAUTH_REQUIRED ||
err_reply->error == KDC_ERR_PREAUTH_FAILED) &&
err_reply->e_data.length) {
krb5_pa_data **result = NULL;
retval = decode_krb5_padata_sequence(&err_reply->e_data, &result);
if (retval == 0) {
*out_padata = result;
return 0;
}
krb5_free_pa_data(context, result);
krb5_set_error_message(context, retval,
"Error decoding padata in error reply");
return retval;
}
}
return retval;
}
krb5_error_code KRB5_CALLCONV
krb5_do_preauth(krb5_context context, krb5_kdc_req *request,
krb5_data *encoded_request_body,
krb5_data *encoded_previous_request,
krb5_pa_data **in_padata, krb5_pa_data ***out_padata,
krb5_prompter_fct prompter, void *prompter_data,
krb5_clpreauth_rock rock, krb5_gic_opt_ext *opte,
krb5_boolean *got_real_out)
{
size_t i, h;
int out_pa_list_size = 0;
krb5_pa_data **out_pa_list = NULL;
krb5_error_code ret, module_ret;
krb5_responder_fn responder = opte->opt_private->responder;
static const int paorder[] = { PA_INFO, PA_REAL };
*out_padata = NULL;
*got_real_out = FALSE;
if (in_padata == NULL)
return 0;
TRACE_PREAUTH_INPUT(context, in_padata);
/* Scan the padata list and process etype-info or salt elements. */
ret = get_etype_info(context, in_padata, request, rock);
if (ret)
return ret;
/* Copy the cookie if there is one. */
ret = copy_cookie(context, in_padata, &out_pa_list, &out_pa_list_size);
if (ret)
goto error;
if (krb5int_find_pa_data(context, in_padata,
KRB5_PADATA_S4U_X509_USER) != NULL) {
/* Fulfill a private contract with krb5_get_credentials_for_user. */
ret = add_s4u_x509_user_padata(context, *rock->gak_data,
request->client, &out_pa_list,
&out_pa_list_size);
if (ret)
goto error;
}
/* If we can't initialize the preauth context, stop with what we have. */
krb5_init_preauth_context(context);
if (context->preauth_context == NULL) {
*out_padata = out_pa_list;
goto error;
}
/* Get a list of response items for in_padata from the preauth modules. */
ret = fill_response_items(context, request, encoded_request_body,
encoded_previous_request, in_padata, rock, opte);
if (ret)
goto error;
/* Call the responder to answer response items. */
if (responder != NULL && !k5_response_items_empty(rock->rctx.items)) {
ret = (*responder)(context, opte->opt_private->responder_data,
&rock->rctx);
if (ret)
goto error;
}
/* Produce output padata, first from all the informational preauths, then
* the from first real one. */
for (h = 0; h < sizeof(paorder) / sizeof(paorder[0]); h++) {
for (i = 0; in_padata[i] != NULL; i++) {
#ifdef DEBUG
fprintf (stderr, "trying modules for pa_type %d, flag %d\n",
in_padata[i]->pa_type, paorder[h]);
#endif
ret = run_preauth_plugins(context, paorder[h], request,
encoded_request_body,
encoded_previous_request, in_padata[i],
prompter, prompter_data, rock,
&out_pa_list, &out_pa_list_size,
&module_ret, opte);
if (ret == 0 && module_ret == 0 && paorder[h] == PA_REAL) {
*got_real_out = TRUE;
break;
}
}
}
TRACE_PREAUTH_OUTPUT(context, out_pa_list);
*out_padata = out_pa_list;
return 0;
error:
krb5_free_pa_data(context, out_pa_list);
return ret;
}
/*
* We assume the caller is responsible for passing us an in_padata
* sufficient to include in a FAST error. In the FAST case we will
* set *fast_edata_out to the edata to be included in the error; in
* the non-FAST case we will set it to NULL.
*/
krb5_error_code
kdc_fast_handle_error(krb5_context context,
struct kdc_request_state *state,
krb5_kdc_req *request,
krb5_pa_data **in_padata, krb5_error *err,
krb5_data **fast_edata_out)
{
krb5_error_code retval = 0;
krb5_fast_response resp;
krb5_error fx_error;
krb5_data *encoded_fx_error = NULL, *encrypted_reply = NULL;
krb5_pa_data pa[1];
krb5_pa_data *outer_pa[3], *cookie = NULL;
krb5_pa_data **inner_pa = NULL;
size_t size = 0;
kdc_realm_t *kdc_active_realm = state->realm_data;
*fast_edata_out = NULL;
memset(outer_pa, 0, sizeof(outer_pa));
if (state->armor_key == NULL)
return 0;
fx_error = *err;
fx_error.e_data.data = NULL;
fx_error.e_data.length = 0;
for (size = 0; in_padata&&in_padata[size]; size++);
size +=3;
inner_pa = calloc(size, sizeof(krb5_pa_data *));
if (inner_pa == NULL)
retval = ENOMEM;
if (retval == 0)
for (size=0; in_padata&&in_padata[size]; size++)
inner_pa[size] = in_padata[size];
if (retval == 0)
retval = encode_krb5_error(&fx_error, &encoded_fx_error);
if (retval == 0) {
pa[0].pa_type = KRB5_PADATA_FX_ERROR;
pa[0].length = encoded_fx_error->length;
pa[0].contents = (unsigned char *) encoded_fx_error->data;
inner_pa[size++] = &pa[0];
if (krb5int_find_pa_data(kdc_context,
inner_pa, KRB5_PADATA_FX_COOKIE) == NULL)
retval = kdc_preauth_get_cookie(state, &cookie);
}
if (cookie != NULL)
inner_pa[size++] = cookie;
if (retval == 0) {
resp.padata = inner_pa;
resp.nonce = request->nonce;
resp.strengthen_key = NULL;
resp.finished = NULL;
}
if (retval == 0)
retval = encrypt_fast_reply(state, &resp, &encrypted_reply);
if (inner_pa)
free(inner_pa); /*contained storage from caller and our stack*/
if (cookie) {
free(cookie->contents);
free(cookie);
cookie = NULL;
}
if (retval == 0) {
pa[0].pa_type = KRB5_PADATA_FX_FAST;
pa[0].length = encrypted_reply->length;
pa[0].contents = (unsigned char *) encrypted_reply->data;
outer_pa[0] = &pa[0];
}
retval = encode_krb5_padata_sequence(outer_pa, fast_edata_out);
if (encrypted_reply)
krb5_free_data(kdc_context, encrypted_reply);
if (encoded_fx_error)
krb5_free_data(kdc_context, encoded_fx_error);
return retval;
}
/* Set etype info parameters in rock based on padata. */
static krb5_error_code
get_etype_info(krb5_context context, krb5_pa_data **padata,
krb5_kdc_req *request, krb5_clpreauth_rock rock)
{
krb5_error_code ret = 0;
krb5_pa_data *pa;
krb5_data d;
krb5_etype_info etype_info = NULL, e;
krb5_etype_info_entry *entry;
krb5_boolean valid_found;
int i;
/* Find an etype-info2 or etype-info element in padata. */
pa = krb5int_find_pa_data(context, padata, KRB5_PADATA_ETYPE_INFO2);
if (pa != NULL) {
d = padata2data(*pa);
(void)decode_krb5_etype_info2(&d, &etype_info);
} else {
pa = krb5int_find_pa_data(context, padata, KRB5_PADATA_ETYPE_INFO);
if (pa != NULL) {
d = padata2data(*pa);
(void)decode_krb5_etype_info(&d, &etype_info);
}
}
/* Fall back to pw-salt/afs3-salt if no etype-info element is present. */
if (etype_info == NULL)
return get_salt(context, padata, request, rock);
/* Search entries in order of the request's enctype preference. */
entry = NULL;
valid_found = FALSE;
for (i = 0; i < request->nktypes && entry == NULL; i++) {
for (e = etype_info; *e != NULL && entry == NULL; e++) {
if ((*e)->etype == request->ktype[i])
entry = *e;
if (krb5_c_valid_enctype((*e)->etype))
valid_found = TRUE;
}
}
if (entry == NULL) {
ret = (valid_found) ? KRB5_CONFIG_ETYPE_NOSUPP :
KRB5_PROG_ETYPE_NOSUPP;
goto cleanup;
}
/* Set rock fields based on the entry we selected. */
*rock->etype = entry->etype;
krb5_free_data_contents(context, rock->salt);
if (entry->length != KRB5_ETYPE_NO_SALT) {
*rock->salt = make_data(entry->salt, entry->length);
entry->salt = NULL;
*rock->default_salt = FALSE;
} else {
*rock->salt = empty_data();
*rock->default_salt = TRUE;
}
krb5_free_data_contents(context, rock->s2kparams);
*rock->s2kparams = entry->s2kparams;
entry->s2kparams = empty_data();
TRACE_PREAUTH_ETYPE_INFO(context, *rock->etype, rock->salt,
rock->s2kparams);
cleanup:
krb5_free_etype_info(context, etype_info);
return ret;
}
