static krb5_error_code return_pkinit_kx(krb5_context context, krb5_kdc_req *request, krb5_kdc_rep *reply, krb5_keyblock *encrypting_key, krb5_pa_data **out_padata) { krb5_error_code ret = 0; krb5_keyblock *session = reply->ticket->enc_part2->session; krb5_keyblock *new_session = NULL; krb5_pa_data *pa = NULL; krb5_enc_data enc; krb5_data *scratch = NULL; *out_padata = NULL; enc.ciphertext.data = NULL; if (!krb5_principal_compare(context, request->client, krb5_anonymous_principal())) return 0; /* * The KDC contribution key needs to be a fresh key of an enctype supported * by the client and server. The existing session key meets these * requirements so we use it. */ ret = krb5_c_fx_cf2_simple(context, session, "PKINIT", encrypting_key, "KEYEXCHANGE", &new_session); if (ret) goto cleanup; ret = encode_krb5_encryption_key( session, &scratch); if (ret) goto cleanup; ret = krb5_encrypt_helper(context, encrypting_key, KRB5_KEYUSAGE_PA_PKINIT_KX, scratch, &enc); if (ret) goto cleanup; memset(scratch->data, 0, scratch->length); krb5_free_data(context, scratch); scratch = NULL; ret = encode_krb5_enc_data(&enc, &scratch); if (ret) goto cleanup; pa = malloc(sizeof(krb5_pa_data)); if (pa == NULL) { ret = ENOMEM; goto cleanup; } pa->pa_type = KRB5_PADATA_PKINIT_KX; pa->length = scratch->length; pa->contents = (krb5_octet *) scratch->data; *out_padata = pa; scratch->data = NULL; memset(session->contents, 0, session->length); krb5_free_keyblock_contents(context, session); *session = *new_session; new_session->contents = NULL; cleanup: krb5_free_data_contents(context, &enc.ciphertext); krb5_free_keyblock(context, new_session); krb5_free_data(context, scratch); return ret; }
/* * This routine is the "obtain" function for the ENC_TIMESTAMP * preauthentication type. It take the current time and encrypts it * in the user's key. */ static krb5_error_code obtain_enc_ts_padata(krb5_context context, krb5_pa_data *in_padata, krb5_etype_info etype_info, krb5_keyblock *def_enc_key, git_key_proc key_proc, krb5_const_pointer key_seed, krb5_creds *creds, krb5_kdc_req *request, krb5_pa_data **out_padata) { krb5_pa_enc_ts pa_enc; krb5_error_code retval; krb5_data * scratch; krb5_enc_data enc_data; krb5_pa_data * pa; retval = krb5_us_timeofday(context, &pa_enc.patimestamp, &pa_enc.pausec); if (retval) return retval; if ((retval = encode_krb5_pa_enc_ts(&pa_enc, &scratch)) != 0) return retval; enc_data.ciphertext.data = 0; if ((retval = krb5_encrypt_helper(context, def_enc_key, KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS, scratch, &enc_data))) goto cleanup; krb5_free_data(context, scratch); scratch = 0; if ((retval = encode_krb5_enc_data(&enc_data, &scratch)) != 0) goto cleanup; if ((pa = malloc(sizeof(krb5_pa_data))) == NULL) { retval = ENOMEM; goto cleanup; } pa->magic = KV5M_PA_DATA; pa->pa_type = KRB5_PADATA_ENC_TIMESTAMP; pa->length = scratch->length; pa->contents = (krb5_octet *) scratch->data; *out_padata = pa; free(scratch); scratch = 0; retval = 0; cleanup: if (scratch) krb5_free_data(context, scratch); if (enc_data.ciphertext.data) free(enc_data.ciphertext.data); return retval; }
static krb5_error_code ec_return(krb5_context context, krb5_pa_data *padata, krb5_data *req_pkt, krb5_kdc_req *request, krb5_kdc_rep *reply, krb5_keyblock *encrypting_key, krb5_pa_data **send_pa, krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock, krb5_kdcpreauth_moddata moddata, krb5_kdcpreauth_modreq modreq) { krb5_error_code retval = 0; krb5_keyblock *challenge_key = (krb5_keyblock *)modreq; krb5_pa_enc_ts ts; krb5_data *plain = NULL; krb5_enc_data enc; krb5_data *encoded = NULL; krb5_pa_data *pa = NULL; if (challenge_key == NULL) return 0; enc.ciphertext.data = NULL; /* In case of error pass through */ retval = krb5_us_timeofday(context, &ts.patimestamp, &ts.pausec); if (retval == 0) retval = encode_krb5_pa_enc_ts(&ts, &plain); if (retval == 0) retval = krb5_encrypt_helper(context, challenge_key, KRB5_KEYUSAGE_ENC_CHALLENGE_KDC, plain, &enc); if (retval == 0) retval = encode_krb5_enc_data(&enc, &encoded); if (retval == 0) { pa = calloc(1, sizeof(krb5_pa_data)); if (pa == NULL) retval = ENOMEM; } if (retval == 0) { pa->pa_type = KRB5_PADATA_ENCRYPTED_CHALLENGE; pa->contents = (unsigned char *) encoded->data; pa->length = encoded->length; encoded->data = NULL; *send_pa = pa; pa = NULL; } if (challenge_key) krb5_free_keyblock(context, challenge_key); if (encoded) krb5_free_data(context, encoded); if (plain) krb5_free_data(context, plain); if (enc.ciphertext.data) krb5_free_data_contents(context, &enc.ciphertext); return retval; }
static krb5_error_code encts_process(krb5_context context, krb5_clpreauth_moddata moddata, krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt, krb5_clpreauth_callbacks cb, krb5_clpreauth_rock rock, krb5_kdc_req *request, krb5_data *encoded_request_body, krb5_data *encoded_previous_request, krb5_pa_data *padata, krb5_prompter_fct prompter, void *prompter_data, krb5_pa_data ***out_padata) { krb5_error_code ret; krb5_pa_enc_ts pa_enc; krb5_data *ts = NULL, *enc_ts = NULL; krb5_enc_data enc_data; krb5_pa_data **pa = NULL; krb5_keyblock *as_key; enc_data.ciphertext = empty_data(); ret = cb->get_as_key(context, rock, &as_key); if (ret) goto cleanup; TRACE_PREAUTH_ENC_TS_KEY_GAK(context, as_key); /* now get the time of day, and encrypt it accordingly */ ret = krb5_us_timeofday(context, &pa_enc.patimestamp, &pa_enc.pausec); if (ret) goto cleanup; ret = encode_krb5_pa_enc_ts(&pa_enc, &ts); if (ret) goto cleanup; ret = krb5_encrypt_helper(context, as_key, KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS, ts, &enc_data); if (ret) goto cleanup; TRACE_PREAUTH_ENC_TS(context, pa_enc.patimestamp, pa_enc.pausec, ts, &enc_data.ciphertext); ret = encode_krb5_enc_data(&enc_data, &enc_ts); if (ret) goto cleanup; pa = k5alloc(2 * sizeof(krb5_pa_data *), &ret); if (pa == NULL) goto cleanup; pa[0] = k5alloc(sizeof(krb5_pa_data), &ret); if (pa[0] == NULL) goto cleanup; pa[0]->magic = KV5M_PA_DATA; pa[0]->pa_type = KRB5_PADATA_ENC_TIMESTAMP; pa[0]->length = enc_ts->length; pa[0]->contents = (krb5_octet *) enc_ts->data; enc_ts->data = NULL; pa[1] = NULL; *out_padata = pa; pa = NULL; cleanup: krb5_free_data(context, ts); krb5_free_data(context, enc_ts); free(enc_data.ciphertext.data); free(pa); return ret; }
static krb5_error_code encts_process(krb5_context context, krb5_clpreauth_moddata moddata, krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt, krb5_clpreauth_callbacks cb, krb5_clpreauth_rock rock, krb5_kdc_req *request, krb5_data *encoded_request_body, krb5_data *encoded_previous_request, krb5_pa_data *padata, krb5_prompter_fct prompter, void *prompter_data, krb5_clpreauth_get_as_key_fn gak_fct, void *gak_data, krb5_data *salt, krb5_data *s2kparams, krb5_keyblock *as_key, krb5_pa_data ***out_padata) { krb5_error_code ret; krb5_pa_enc_ts pa_enc; krb5_data *ts = NULL, *enc_ts = NULL; krb5_enc_data enc_data; krb5_pa_data **pa = NULL; krb5_enctype etype = cb->get_etype(context, rock); enc_data.ciphertext = empty_data(); if (as_key->length == 0) { #ifdef DEBUG fprintf (stderr, "%s:%d: salt len=%d", __FILE__, __LINE__, salt->length); if ((int) salt->length > 0) fprintf (stderr, " '%.*s'", salt->length, salt->data); fprintf (stderr, "; *etype=%d request->ktype[0]=%d\n", etype, request->ktype[0]); #endif ret = (*gak_fct)(context, request->client, etype, prompter, prompter_data, salt, s2kparams, as_key, gak_data); if (ret) goto cleanup; TRACE_PREAUTH_ENC_TS_KEY_GAK(context, as_key); } /* now get the time of day, and encrypt it accordingly */ ret = krb5_us_timeofday(context, &pa_enc.patimestamp, &pa_enc.pausec); if (ret) goto cleanup; ret = encode_krb5_pa_enc_ts(&pa_enc, &ts); if (ret) goto cleanup; ret = krb5_encrypt_helper(context, as_key, KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS, ts, &enc_data); if (ret) goto cleanup; TRACE_PREAUTH_ENC_TS(context, pa_enc.patimestamp, pa_enc.pausec, ts, &enc_data.ciphertext); ret = encode_krb5_enc_data(&enc_data, &enc_ts); if (ret) goto cleanup; pa = k5alloc(2 * sizeof(krb5_pa_data *), &ret); if (pa == NULL) goto cleanup; pa[0] = k5alloc(sizeof(krb5_pa_data), &ret); if (pa[0] == NULL) goto cleanup; pa[0]->magic = KV5M_PA_DATA; pa[0]->pa_type = KRB5_PADATA_ENC_TIMESTAMP; pa[0]->length = enc_ts->length; pa[0]->contents = (krb5_octet *) enc_ts->data; enc_ts->data = NULL; pa[1] = NULL; *out_padata = pa; pa = NULL; cleanup: krb5_free_data(context, ts); krb5_free_data(context, enc_ts); free(enc_data.ciphertext.data); free(pa); return ret; }
static krb5_error_code ec_process(krb5_context context, krb5_clpreauth_moddata moddata, krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt, krb5_clpreauth_callbacks cb, krb5_clpreauth_rock rock, krb5_kdc_req *request, krb5_data *encoded_request_body, krb5_data *encoded_previous_request, krb5_pa_data *padata, krb5_prompter_fct prompter, void *prompter_data, krb5_pa_data ***out_padata) { krb5_error_code retval = 0; krb5_keyblock *challenge_key = NULL, *armor_key, *as_key; armor_key = cb->fast_armor(context, rock); if (armor_key == NULL) return ENOENT; retval = cb->get_as_key(context, rock, &as_key); if (retval == 0 && padata->length) { krb5_enc_data *enc = NULL; krb5_data scratch; scratch.length = padata->length; scratch.data = (char *) padata->contents; retval = krb5_c_fx_cf2_simple(context,armor_key, "kdcchallengearmor", as_key, "challengelongterm", &challenge_key); if (retval == 0) retval = decode_krb5_enc_data(&scratch, &enc); scratch.data = NULL; if (retval == 0) { scratch.data = malloc(enc->ciphertext.length); scratch.length = enc->ciphertext.length; if (scratch.data == NULL) retval = ENOMEM; } if (retval == 0) retval = krb5_c_decrypt(context, challenge_key, KRB5_KEYUSAGE_ENC_CHALLENGE_KDC, NULL, enc, &scratch); /* * Per draft 11 of the preauth framework, the client MAY but is not * required to actually check the timestamp from the KDC other than to * confirm it decrypts. This code does not perform that check. */ if (scratch.data) krb5_free_data_contents(context, &scratch); /* If we had a callback to assert that the KDC is verified, we would * call it here. */ if (enc) krb5_free_enc_data(context, enc); } else if (retval == 0) { /*No padata; we send*/ krb5_enc_data enc; krb5_pa_data **pa = NULL; krb5_data *encoded_ts = NULL; krb5_pa_enc_ts ts; enc.ciphertext.data = NULL; /* Use the timestamp from the preauth-required error if possible. * This time should always be secured by the FAST channel. */ retval = cb->get_preauth_time(context, rock, FALSE, &ts.patimestamp, &ts.pausec); if (retval == 0) retval = encode_krb5_pa_enc_ts(&ts, &encoded_ts); if (retval == 0) retval = krb5_c_fx_cf2_simple(context, armor_key, "clientchallengearmor", as_key, "challengelongterm", &challenge_key); if (retval == 0) retval = krb5_encrypt_helper(context, challenge_key, KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT, encoded_ts, &enc); if (encoded_ts) krb5_free_data(context, encoded_ts); encoded_ts = NULL; if (retval == 0) { retval = encode_krb5_enc_data(&enc, &encoded_ts); krb5_free_data_contents(context, &enc.ciphertext); } if (retval == 0) { pa = calloc(2, sizeof(krb5_pa_data *)); if (pa == NULL) retval = ENOMEM; } if (retval == 0) { pa[0] = calloc(1, sizeof(krb5_pa_data)); if (pa[0] == NULL) retval = ENOMEM; } if (retval == 0) { pa[0]->length = encoded_ts->length; pa[0]->contents = (unsigned char *) encoded_ts->data; pa[0]->pa_type = KRB5_PADATA_ENCRYPTED_CHALLENGE; encoded_ts->data = NULL; *out_padata = pa; pa = NULL; } free(pa); krb5_free_data(context, encoded_ts); } if (challenge_key) krb5_free_keyblock(context, challenge_key); return retval; }
static krb5_error_code encts_process(krb5_context context, krb5_clpreauth_moddata moddata, krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt, krb5_clpreauth_callbacks cb, krb5_clpreauth_rock rock, krb5_kdc_req *request, krb5_data *encoded_request_body, krb5_data *encoded_previous_request, krb5_pa_data *padata, krb5_prompter_fct prompter, void *prompter_data, krb5_pa_data ***out_padata) { krb5_error_code ret; krb5_pa_enc_ts pa_enc; krb5_data *ts = NULL, *enc_ts = NULL; krb5_enc_data enc_data; krb5_pa_data **pa = NULL; krb5_keyblock *as_key; enc_data.ciphertext = empty_data(); ret = cb->get_as_key(context, rock, &as_key); if (ret) goto cleanup; TRACE_PREAUTH_ENC_TS_KEY_GAK(context, as_key); /* * Try and use the timestamp of the preauth request, even if it's * unauthenticated. We could be fooled into making a preauth response for * a future time, but that has no security consequences other than the * KDC's audit logs. If kdc_timesync is not configured, then this will * just use local time. */ ret = cb->get_preauth_time(context, rock, TRUE, &pa_enc.patimestamp, &pa_enc.pausec); if (ret) goto cleanup; ret = encode_krb5_pa_enc_ts(&pa_enc, &ts); if (ret) goto cleanup; ret = krb5_encrypt_helper(context, as_key, KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS, ts, &enc_data); if (ret) goto cleanup; TRACE_PREAUTH_ENC_TS(context, pa_enc.patimestamp, pa_enc.pausec, ts, &enc_data.ciphertext); ret = encode_krb5_enc_data(&enc_data, &enc_ts); if (ret) goto cleanup; pa = k5alloc(2 * sizeof(krb5_pa_data *), &ret); if (pa == NULL) goto cleanup; pa[0] = k5alloc(sizeof(krb5_pa_data), &ret); if (pa[0] == NULL) goto cleanup; pa[0]->magic = KV5M_PA_DATA; pa[0]->pa_type = KRB5_PADATA_ENC_TIMESTAMP; pa[0]->length = enc_ts->length; pa[0]->contents = (krb5_octet *) enc_ts->data; enc_ts->data = NULL; pa[1] = NULL; *out_padata = pa; pa = NULL; cleanup: krb5_free_data(context, ts); krb5_free_data(context, enc_ts); free(enc_data.ciphertext.data); free(pa); return ret; }
/*ARGSUSED*/ static krb5_error_code pa_enc_timestamp(krb5_context context, krb5_kdc_req *request, krb5_pa_data *in_padata, krb5_pa_data **out_padata, krb5_data *salt, krb5_data *s2kparams, krb5_enctype *etype, krb5_keyblock *as_key, krb5_prompter_fct prompter, void *prompter_data, krb5_gic_get_as_key_fct gak_fct, void *gak_data) { krb5_error_code ret; krb5_pa_enc_ts pa_enc; krb5_data *tmp; krb5_enc_data enc_data; krb5_pa_data *pa; if (as_key->length == 0) { #ifdef DEBUG if (salt != NULL && salt->data != NULL) { fprintf (stderr, "%s:%d: salt len=%d", __FILE__, __LINE__, salt->length); if (salt->length > 0) fprintf (stderr, " '%*s'", salt->length, salt->data); fprintf (stderr, "; *etype=%d request->ktype[0]=%d\n", *etype, request->ktype[0]); } #endif if ((ret = ((*gak_fct)(context, request->client, *etype ? *etype : request->ktype[0], prompter, prompter_data, salt, s2kparams, as_key, gak_data)))) return(ret); } /* now get the time of day, and encrypt it accordingly */ if ((ret = krb5_us_timeofday(context, &pa_enc.patimestamp, &pa_enc.pausec))) return(ret); if ((ret = encode_krb5_pa_enc_ts(&pa_enc, &tmp))) return(ret); #ifdef DEBUG fprintf (stderr, "key type %d bytes %02x %02x ...\n", as_key->enctype, as_key->contents[0], as_key->contents[1]); #endif ret = krb5_encrypt_helper(context, as_key, KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS, tmp, &enc_data); #ifdef DEBUG fprintf (stderr, "enc data { type=%d kvno=%d data=%02x %02x ... }\n", enc_data.enctype, enc_data.kvno, 0xff & enc_data.ciphertext.data[0], 0xff & enc_data.ciphertext.data[1]); #endif krb5_free_data(context, tmp); if (ret) { krb5_xfree(enc_data.ciphertext.data); return(ret); } ret = encode_krb5_enc_data(&enc_data, &tmp); krb5_xfree(enc_data.ciphertext.data); if (ret) return(ret); if ((pa = (krb5_pa_data *) malloc(sizeof(krb5_pa_data))) == NULL) { krb5_free_data(context, tmp); return(ENOMEM); } pa->magic = KV5M_PA_DATA; pa->pa_type = KRB5_PADATA_ENC_TIMESTAMP; pa->length = tmp->length; pa->contents = (krb5_octet *) tmp->data; *out_padata = pa; krb5_xfree(tmp); return(0); }