1 /* $NetBSD: pac.c,v 1.4 2023/06/19 21:41:44 christos Exp $ */
2
3 /*
4 * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include "krb5_locl.h"
37 #include <krb5/wind.h>
38
39 struct PAC_INFO_BUFFER {
40 uint32_t type;
41 uint32_t buffersize;
42 uint32_t offset_hi;
43 uint32_t offset_lo;
44 };
45
46 struct PACTYPE {
47 uint32_t numbuffers;
48 uint32_t version;
49 struct PAC_INFO_BUFFER buffers[1];
50 };
51
52 struct krb5_pac_data {
53 struct PACTYPE *pac;
54 krb5_data data;
55 struct PAC_INFO_BUFFER *server_checksum;
56 struct PAC_INFO_BUFFER *privsvr_checksum;
57 struct PAC_INFO_BUFFER *logon_name;
58 };
59
60 #define PAC_ALIGNMENT 8
61
62 #define PACTYPE_SIZE 8
63 #define PAC_INFO_BUFFER_SIZE 16
64
65 #define PAC_SERVER_CHECKSUM 6
66 #define PAC_PRIVSVR_CHECKSUM 7
67 #define PAC_LOGON_NAME 10
68 #define PAC_CONSTRAINED_DELEGATION 11
69
70 #define CHECK(r,f,l) \
71 do { \
72 if (((r) = f ) != 0) { \
73 krb5_clear_error_message(context); \
74 goto l; \
75 } \
76 } while(0)
77
78 static const char zeros[PAC_ALIGNMENT] = { 0 };
79
80 /*
81 * HMAC-MD5 checksum over any key (needed for the PAC routines)
82 */
83
84 static krb5_error_code
HMAC_MD5_any_checksum(krb5_context context,const krb5_keyblock * key,const void * data,size_t len,unsigned usage,Checksum * result)85 HMAC_MD5_any_checksum(krb5_context context,
86 const krb5_keyblock *key,
87 const void *data,
88 size_t len,
89 unsigned usage,
90 Checksum *result)
91 {
92 struct _krb5_key_data local_key;
93 krb5_error_code ret;
94
95 memset(&local_key, 0, sizeof(local_key));
96
97 ret = krb5_copy_keyblock(context, key, &local_key.key);
98 if (ret)
99 return ret;
100
101 ret = krb5_data_alloc (&result->checksum, 16);
102 if (ret) {
103 krb5_free_keyblock(context, local_key.key);
104 return ret;
105 }
106
107 result->cksumtype = CKSUMTYPE_HMAC_MD5;
108 ret = _krb5_HMAC_MD5_checksum(context, &local_key, data, len, usage, result);
109 if (ret)
110 krb5_data_free(&result->checksum);
111
112 krb5_free_keyblock(context, local_key.key);
113 return ret;
114 }
115
116
pac_header_size(krb5_context context,uint32_t num_buffers,uint32_t * result)117 static krb5_error_code pac_header_size(krb5_context context,
118 uint32_t num_buffers,
119 uint32_t *result)
120 {
121 krb5_error_code ret;
122 uint32_t header_size;
123
124 /* Guard against integer overflow on 32-bit systems. */
125 if (num_buffers > UINT32_MAX / PAC_INFO_BUFFER_SIZE) {
126 ret = EINVAL;
127 krb5_set_error_message(context, ret, "PAC has too many buffers");
128 return ret;
129 }
130 header_size = PAC_INFO_BUFFER_SIZE * num_buffers;
131
132 /* Guard against integer overflow on 32-bit systems. */
133 if (header_size > UINT32_MAX - PACTYPE_SIZE) {
134 ret = EINVAL;
135 krb5_set_error_message(context, ret, "PAC has too many buffers");
136 return ret;
137 }
138 header_size += PACTYPE_SIZE;
139
140 *result = header_size;
141
142 return 0;
143 }
144
pac_aligned_size(krb5_context context,uint32_t size,uint32_t * aligned_size)145 static krb5_error_code pac_aligned_size(krb5_context context,
146 uint32_t size,
147 uint32_t *aligned_size)
148 {
149 krb5_error_code ret;
150
151 /* Guard against integer overflow on 32-bit systems. */
152 if (size > UINT32_MAX - (PAC_ALIGNMENT - 1)) {
153 ret = EINVAL;
154 krb5_set_error_message(context, ret, "integer overrun");
155 return ret;
156 }
157 size += PAC_ALIGNMENT - 1;
158
159 /* align to PAC_ALIGNMENT */
160 size = (size / PAC_ALIGNMENT) * PAC_ALIGNMENT;
161
162 *aligned_size = size;
163
164 return 0;
165 }
166
167 /*
168 *
169 */
170
171 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_pac_parse(krb5_context context,const void * ptr,size_t len,krb5_pac * pac)172 krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
173 krb5_pac *pac)
174 {
175 krb5_error_code ret;
176 krb5_pac p;
177 krb5_storage *sp = NULL;
178 uint32_t i, tmp, tmp2, header_end;
179
180 p = calloc(1, sizeof(*p));
181 if (p == NULL) {
182 ret = krb5_enomem(context);
183 goto out;
184 }
185
186 sp = krb5_storage_from_readonly_mem(ptr, len);
187 if (sp == NULL) {
188 ret = krb5_enomem(context);
189 goto out;
190 }
191 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
192
193 CHECK(ret, krb5_ret_uint32(sp, &tmp), out);
194 CHECK(ret, krb5_ret_uint32(sp, &tmp2), out);
195 if (tmp < 1) {
196 ret = EINVAL; /* Too few buffers */
197 krb5_set_error_message(context, ret, N_("PAC have too few buffer", ""));
198 goto out;
199 }
200 if (tmp2 != 0) {
201 ret = EINVAL; /* Wrong version */
202 krb5_set_error_message(context, ret,
203 N_("PAC have wrong version %d", ""),
204 (int)tmp2);
205 goto out;
206 }
207
208 ret = pac_header_size(context, tmp, &header_end);
209 if (ret) {
210 return ret;
211 }
212
213 p->pac = calloc(1, header_end);
214 if (p->pac == NULL) {
215 ret = krb5_enomem(context);
216 goto out;
217 }
218
219 p->pac->numbuffers = tmp;
220 p->pac->version = tmp2;
221
222 if (header_end > len) {
223 ret = EINVAL;
224 goto out;
225 }
226
227 for (i = 0; i < p->pac->numbuffers; i++) {
228 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].type), out);
229 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].buffersize), out);
230 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_lo), out);
231 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_hi), out);
232
233 /* consistency checks */
234 if (p->pac->buffers[i].offset_lo & (PAC_ALIGNMENT - 1)) {
235 ret = EINVAL;
236 krb5_set_error_message(context, ret,
237 N_("PAC out of allignment", ""));
238 goto out;
239 }
240 if (p->pac->buffers[i].offset_hi) {
241 ret = EINVAL;
242 krb5_set_error_message(context, ret,
243 N_("PAC high offset set", ""));
244 goto out;
245 }
246 if (p->pac->buffers[i].offset_lo > len) {
247 ret = EINVAL;
248 krb5_set_error_message(context, ret,
249 N_("PAC offset off end", ""));
250 goto out;
251 }
252 if (p->pac->buffers[i].offset_lo < header_end) {
253 ret = EINVAL;
254 krb5_set_error_message(context, ret,
255 N_("PAC offset inside header: %lu %lu", ""),
256 (unsigned long)p->pac->buffers[i].offset_lo,
257 (unsigned long)header_end);
258 goto out;
259 }
260 if (p->pac->buffers[i].buffersize > len - p->pac->buffers[i].offset_lo){
261 ret = EINVAL;
262 krb5_set_error_message(context, ret, N_("PAC length off end", ""));
263 goto out;
264 }
265
266 /* let save pointer to data we need later */
267 if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
268 if (p->server_checksum) {
269 ret = EINVAL;
270 krb5_set_error_message(context, ret,
271 N_("PAC have two server checksums", ""));
272 goto out;
273 }
274 p->server_checksum = &p->pac->buffers[i];
275 } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
276 if (p->privsvr_checksum) {
277 ret = EINVAL;
278 krb5_set_error_message(context, ret,
279 N_("PAC have two KDC checksums", ""));
280 goto out;
281 }
282 p->privsvr_checksum = &p->pac->buffers[i];
283 } else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
284 if (p->logon_name) {
285 ret = EINVAL;
286 krb5_set_error_message(context, ret,
287 N_("PAC have two logon names", ""));
288 goto out;
289 }
290 p->logon_name = &p->pac->buffers[i];
291 }
292 }
293
294 ret = krb5_data_copy(&p->data, ptr, len);
295 if (ret)
296 goto out;
297
298 krb5_storage_free(sp);
299
300 *pac = p;
301 return 0;
302
303 out:
304 if (sp)
305 krb5_storage_free(sp);
306 if (p) {
307 if (p->pac)
308 free(p->pac);
309 free(p);
310 }
311 *pac = NULL;
312
313 return ret;
314 }
315
316 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_pac_init(krb5_context context,krb5_pac * pac)317 krb5_pac_init(krb5_context context, krb5_pac *pac)
318 {
319 krb5_error_code ret;
320 krb5_pac p;
321
322 p = calloc(1, sizeof(*p));
323 if (p == NULL) {
324 return krb5_enomem(context);
325 }
326
327 p->pac = calloc(1, sizeof(*p->pac));
328 if (p->pac == NULL) {
329 free(p);
330 return krb5_enomem(context);
331 }
332
333 ret = krb5_data_alloc(&p->data, PACTYPE_SIZE);
334 if (ret) {
335 free (p->pac);
336 free(p);
337 return krb5_enomem(context);
338 }
339
340 *pac = p;
341 return 0;
342 }
343
344 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_pac_add_buffer(krb5_context context,krb5_pac p,uint32_t type,const krb5_data * data)345 krb5_pac_add_buffer(krb5_context context, krb5_pac p,
346 uint32_t type, const krb5_data *data)
347 {
348 krb5_error_code ret;
349 void *ptr;
350 uint32_t unaligned_len, num_buffers, len, offset, header_end, old_end;
351 uint32_t i;
352
353 if (data->length > UINT32_MAX) {
354 ret = EINVAL;
355 krb5_set_error_message(context, ret, "integer overrun");
356 return ret;
357 }
358
359 num_buffers = p->pac->numbuffers;
360
361 if (num_buffers >= UINT32_MAX) {
362 ret = EINVAL;
363 krb5_set_error_message(context, ret, "integer overrun");
364 return ret;
365 }
366 ret = pac_header_size(context, num_buffers + 1, &header_end);
367 if (ret) {
368 return ret;
369 }
370
371 ptr = realloc(p->pac, header_end);
372 if (ptr == NULL)
373 return krb5_enomem(context);
374
375 p->pac = ptr;
376
377 for (i = 0; i < num_buffers; i++) {
378 if (p->pac->buffers[i].offset_lo > UINT32_MAX - PAC_INFO_BUFFER_SIZE) {
379 ret = EINVAL;
380 krb5_set_error_message(context, ret, "integer overrun");
381 return ret;
382 }
383
384 p->pac->buffers[i].offset_lo += PAC_INFO_BUFFER_SIZE;
385 }
386
387 if (p->data.length > UINT32_MAX - PAC_INFO_BUFFER_SIZE) {
388 ret = EINVAL;
389 krb5_set_error_message(context, ret, "integer overrun");
390 return ret;
391 }
392 offset = p->data.length + PAC_INFO_BUFFER_SIZE;
393
394 p->pac->buffers[num_buffers].type = type;
395 p->pac->buffers[num_buffers].buffersize = data->length;
396 p->pac->buffers[num_buffers].offset_lo = offset;
397 p->pac->buffers[num_buffers].offset_hi = 0;
398
399 old_end = p->data.length;
400 if (offset > UINT32_MAX - data->length) {
401 krb5_set_error_message(context, EINVAL, "integer overrun");
402 return EINVAL;
403 }
404 unaligned_len = offset + data->length;
405
406 ret = pac_aligned_size(context, unaligned_len, &len);
407 if (ret)
408 return ret;
409
410 ret = krb5_data_realloc(&p->data, len);
411 if (ret) {
412 krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
413 return ret;
414 }
415
416 /*
417 * make place for new PAC INFO BUFFER header
418 */
419 header_end -= PAC_INFO_BUFFER_SIZE;
420 memmove((unsigned char *)p->data.data + header_end + PAC_INFO_BUFFER_SIZE,
421 (unsigned char *)p->data.data + header_end ,
422 old_end - header_end);
423 memset((unsigned char *)p->data.data + header_end, 0, PAC_INFO_BUFFER_SIZE);
424
425 /*
426 * copy in new data part
427 */
428
429 memcpy((unsigned char *)p->data.data + offset,
430 data->data, data->length);
431 memset((unsigned char *)p->data.data + offset + data->length,
432 0, p->data.length - unaligned_len);
433
434 p->pac->numbuffers += 1;
435
436 return 0;
437 }
438
439 /**
440 * Get the PAC buffer of specific type from the pac.
441 *
442 * @param context Kerberos 5 context.
443 * @param p the pac structure returned by krb5_pac_parse().
444 * @param type type of buffer to get
445 * @param data return data, free with krb5_data_free().
446 *
447 * @return Returns 0 to indicate success. Otherwise an kerberos et
448 * error code is returned, see krb5_get_error_message().
449 *
450 * @ingroup krb5_pac
451 */
452
453 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_pac_get_buffer(krb5_context context,krb5_pac p,uint32_t type,krb5_data * data)454 krb5_pac_get_buffer(krb5_context context, krb5_pac p,
455 uint32_t type, krb5_data *data)
456 {
457 krb5_error_code ret;
458 uint32_t i;
459
460 for (i = 0; i < p->pac->numbuffers; i++) {
461 const uint32_t len = p->pac->buffers[i].buffersize;
462 const uint32_t offset = p->pac->buffers[i].offset_lo;
463
464 if (p->pac->buffers[i].type != type)
465 continue;
466
467 ret = krb5_data_copy(data, (unsigned char *)p->data.data + offset, len);
468 if (ret) {
469 krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
470 return ret;
471 }
472 return 0;
473 }
474 krb5_set_error_message(context, ENOENT, "No PAC buffer of type %lu was found",
475 (unsigned long)type);
476 return ENOENT;
477 }
478
479 /*
480 *
481 */
482
483 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_pac_get_types(krb5_context context,krb5_pac p,size_t * len,uint32_t ** types)484 krb5_pac_get_types(krb5_context context,
485 krb5_pac p,
486 size_t *len,
487 uint32_t **types)
488 {
489 size_t i;
490
491 *types = calloc(p->pac->numbuffers, sizeof(**types));
492 if (*types == NULL) {
493 *len = 0;
494 return krb5_enomem(context);
495 }
496 for (i = 0; i < p->pac->numbuffers; i++)
497 (*types)[i] = p->pac->buffers[i].type;
498 *len = p->pac->numbuffers;
499
500 return 0;
501 }
502
503 /*
504 *
505 */
506
507 KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_pac_free(krb5_context context,krb5_pac pac)508 krb5_pac_free(krb5_context context, krb5_pac pac)
509 {
510 krb5_data_free(&pac->data);
511 free(pac->pac);
512 free(pac);
513 }
514
515 /*
516 *
517 */
518
519 static krb5_error_code
verify_checksum(krb5_context context,const struct PAC_INFO_BUFFER * sig,const krb5_data * data,void * ptr,size_t len,const krb5_keyblock * key)520 verify_checksum(krb5_context context,
521 const struct PAC_INFO_BUFFER *sig,
522 const krb5_data *data,
523 void *ptr, size_t len,
524 const krb5_keyblock *key)
525 {
526 krb5_storage *sp = NULL;
527 uint32_t type;
528 krb5_error_code ret;
529 Checksum cksum;
530
531 memset(&cksum, 0, sizeof(cksum));
532
533 sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo,
534 sig->buffersize);
535 if (sp == NULL)
536 return krb5_enomem(context);
537
538 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
539
540 CHECK(ret, krb5_ret_uint32(sp, &type), out);
541 cksum.cksumtype = type;
542 cksum.checksum.length =
543 sig->buffersize - krb5_storage_seek(sp, 0, SEEK_CUR);
544 cksum.checksum.data = malloc(cksum.checksum.length);
545 if (cksum.checksum.data == NULL) {
546 ret = krb5_enomem(context);
547 goto out;
548 }
549 ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length);
550 if (ret != (int)cksum.checksum.length) {
551 ret = EINVAL;
552 krb5_set_error_message(context, ret, "PAC checksum missing checksum");
553 goto out;
554 }
555
556 if (!krb5_checksum_is_keyed(context, cksum.cksumtype)) {
557 ret = EINVAL;
558 krb5_set_error_message(context, ret, "Checksum type %d not keyed",
559 cksum.cksumtype);
560 goto out;
561 }
562
563 /* If the checksum is HMAC-MD5, the checksum type is not tied to
564 * the key type, instead the HMAC-MD5 checksum is applied blindly
565 * on whatever key is used for this connection, avoiding issues
566 * with unkeyed checksums on des-cbc-md5 and des-cbc-crc. See
567 * http://comments.gmane.org/gmane.comp.encryption.kerberos.devel/8743
568 * for the same issue in MIT, and
569 * http://blogs.msdn.com/b/openspecification/archive/2010/01/01/verifying-the-server-signature-in-kerberos-privilege-account-certificate.aspx
570 * for Microsoft's explaination */
571
572 if (cksum.cksumtype == CKSUMTYPE_HMAC_MD5) {
573 Checksum local_checksum;
574
575 memset(&local_checksum, 0, sizeof(local_checksum));
576
577 ret = HMAC_MD5_any_checksum(context, key, ptr, len,
578 KRB5_KU_OTHER_CKSUM, &local_checksum);
579
580 if (ret != 0 || krb5_data_ct_cmp(&local_checksum.checksum, &cksum.checksum) != 0) {
581 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
582 krb5_set_error_message(context, ret,
583 N_("PAC integrity check failed for "
584 "hmac-md5 checksum", ""));
585 }
586 krb5_data_free(&local_checksum.checksum);
587
588 } else {
589 krb5_crypto crypto = NULL;
590
591 ret = krb5_crypto_init(context, key, 0, &crypto);
592 if (ret)
593 goto out;
594
595 ret = krb5_verify_checksum(context, crypto, KRB5_KU_OTHER_CKSUM,
596 ptr, len, &cksum);
597 krb5_crypto_destroy(context, crypto);
598 }
599 free(cksum.checksum.data);
600 krb5_storage_free(sp);
601
602 return ret;
603
604 out:
605 if (cksum.checksum.data)
606 free(cksum.checksum.data);
607 if (sp)
608 krb5_storage_free(sp);
609 return ret;
610 }
611
612 static krb5_error_code
create_checksum(krb5_context context,const krb5_keyblock * key,uint32_t cksumtype,void * data,size_t datalen,void * sig,size_t siglen)613 create_checksum(krb5_context context,
614 const krb5_keyblock *key,
615 uint32_t cksumtype,
616 void *data, size_t datalen,
617 void *sig, size_t siglen)
618 {
619 krb5_crypto crypto = NULL;
620 krb5_error_code ret;
621 Checksum cksum;
622
623 /* If the checksum is HMAC-MD5, the checksum type is not tied to
624 * the key type, instead the HMAC-MD5 checksum is applied blindly
625 * on whatever key is used for this connection, avoiding issues
626 * with unkeyed checksums on des-cbc-md5 and des-cbc-crc. See
627 * http://comments.gmane.org/gmane.comp.encryption.kerberos.devel/8743
628 * for the same issue in MIT, and
629 * http://blogs.msdn.com/b/openspecification/archive/2010/01/01/verifying-the-server-signature-in-kerberos-privilege-account-certificate.aspx
630 * for Microsoft's explaination */
631
632 if (cksumtype == (uint32_t)CKSUMTYPE_HMAC_MD5) {
633 ret = HMAC_MD5_any_checksum(context, key, data, datalen,
634 KRB5_KU_OTHER_CKSUM, &cksum);
635 if (ret)
636 return ret;
637 } else {
638 ret = krb5_crypto_init(context, key, 0, &crypto);
639 if (ret)
640 return ret;
641
642 ret = krb5_create_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, 0,
643 data, datalen, &cksum);
644 krb5_crypto_destroy(context, crypto);
645 if (ret)
646 return ret;
647 }
648 if (cksum.checksum.length != siglen) {
649 krb5_set_error_message(context, EINVAL, "pac checksum wrong length");
650 free_Checksum(&cksum);
651 return EINVAL;
652 }
653
654 memcpy(sig, cksum.checksum.data, siglen);
655 free_Checksum(&cksum);
656
657 return 0;
658 }
659
660
661 /*
662 *
663 */
664
665 #define NTTIME_EPOCH 0x019DB1DED53E8000LL
666
667 static uint64_t
unix2nttime(time_t unix_time)668 unix2nttime(time_t unix_time)
669 {
670 long long wt;
671 wt = unix_time * (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH;
672 return wt;
673 }
674
675 static krb5_error_code
verify_logonname(krb5_context context,const struct PAC_INFO_BUFFER * logon_name,const krb5_data * data,time_t authtime,krb5_const_principal principal)676 verify_logonname(krb5_context context,
677 const struct PAC_INFO_BUFFER *logon_name,
678 const krb5_data *data,
679 time_t authtime,
680 krb5_const_principal principal)
681 {
682 krb5_error_code ret;
683 uint32_t time1, time2;
684 krb5_storage *sp;
685 uint16_t len;
686 char *s = NULL;
687 char *principal_string = NULL;
688 char *logon_string = NULL;
689
690 sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo,
691 logon_name->buffersize);
692 if (sp == NULL)
693 return krb5_enomem(context);
694
695 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
696
697 CHECK(ret, krb5_ret_uint32(sp, &time1), out);
698 CHECK(ret, krb5_ret_uint32(sp, &time2), out);
699
700 {
701 uint64_t t1, t2;
702 t1 = unix2nttime(authtime);
703 t2 = ((uint64_t)time2 << 32) | time1;
704 /*
705 * When neither the ticket nor the PAC set an explicit authtime,
706 * both times are zero, but relative to different time scales.
707 * So we must compare "not set" values without converting to a
708 * common time reference.
709 */
710 if (t1 != t2 && (t2 != 0 && authtime != 0)) {
711 krb5_storage_free(sp);
712 krb5_set_error_message(context, EINVAL, "PAC timestamp mismatch");
713 return EINVAL;
714 }
715 }
716 CHECK(ret, krb5_ret_uint16(sp, &len), out);
717 if (len == 0) {
718 krb5_storage_free(sp);
719 krb5_set_error_message(context, EINVAL, "PAC logon name length missing");
720 return EINVAL;
721 }
722
723 s = malloc(len);
724 if (s == NULL) {
725 krb5_storage_free(sp);
726 return krb5_enomem(context);
727 }
728 ret = krb5_storage_read(sp, s, len);
729 if (ret != len) {
730 krb5_storage_free(sp);
731 krb5_set_error_message(context, EINVAL, "Failed to read PAC logon name");
732 return EINVAL;
733 }
734 krb5_storage_free(sp);
735 {
736 size_t ucs2len = len / 2;
737 uint16_t *ucs2;
738 size_t u8len;
739 unsigned int flags = WIND_RW_LE;
740
741 ucs2 = malloc(sizeof(ucs2[0]) * ucs2len);
742 if (ucs2 == NULL)
743 return krb5_enomem(context);
744
745 ret = wind_ucs2read(s, len, &flags, ucs2, &ucs2len);
746 free(s);
747 if (ret) {
748 free(ucs2);
749 krb5_set_error_message(context, ret, "Failed to convert string to UCS-2");
750 return ret;
751 }
752 ret = wind_ucs2utf8_length(ucs2, ucs2len, &u8len);
753 if (ret) {
754 free(ucs2);
755 krb5_set_error_message(context, ret, "Failed to count length of UCS-2 string");
756 return ret;
757 }
758 u8len += 1; /* Add space for NUL */
759 logon_string = malloc(u8len);
760 if (logon_string == NULL) {
761 free(ucs2);
762 return krb5_enomem(context);
763 }
764 ret = wind_ucs2utf8(ucs2, ucs2len, logon_string, &u8len);
765 free(ucs2);
766 if (ret) {
767 free(logon_string);
768 krb5_set_error_message(context, ret, "Failed to convert to UTF-8");
769 return ret;
770 }
771 }
772 ret = krb5_unparse_name_flags(context, principal,
773 KRB5_PRINCIPAL_UNPARSE_NO_REALM |
774 KRB5_PRINCIPAL_UNPARSE_DISPLAY,
775 &principal_string);
776 if (ret) {
777 free(logon_string);
778 return ret;
779 }
780
781 ret = strcmp(logon_string, principal_string);
782 if (ret != 0) {
783 ret = EINVAL;
784 krb5_set_error_message(context, ret, "PAC logon name [%s] mismatch principal name [%s]",
785 logon_string, principal_string);
786 }
787 free(logon_string);
788 free(principal_string);
789 return ret;
790 out:
791 return ret;
792 }
793
794 /*
795 *
796 */
797
798 static krb5_error_code
build_logon_name(krb5_context context,time_t authtime,krb5_const_principal principal,krb5_data * logon)799 build_logon_name(krb5_context context,
800 time_t authtime,
801 krb5_const_principal principal,
802 krb5_data *logon)
803 {
804 krb5_error_code ret;
805 krb5_storage *sp;
806 uint64_t t;
807 char *s, *s2;
808 size_t s2_len;
809
810 t = unix2nttime(authtime);
811
812 krb5_data_zero(logon);
813
814 sp = krb5_storage_emem();
815 if (sp == NULL)
816 return krb5_enomem(context);
817
818 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
819
820 CHECK(ret, krb5_store_uint32(sp, t & 0xffffffff), out);
821 CHECK(ret, krb5_store_uint32(sp, t >> 32), out);
822
823 ret = krb5_unparse_name_flags(context, principal,
824 KRB5_PRINCIPAL_UNPARSE_NO_REALM |
825 KRB5_PRINCIPAL_UNPARSE_DISPLAY,
826 &s);
827 if (ret)
828 goto out;
829
830 {
831 size_t ucs2_len;
832 uint16_t *ucs2;
833 unsigned int flags;
834
835 ret = wind_utf8ucs2_length(s, &ucs2_len);
836 if (ret) {
837 krb5_set_error_message(context, ret, "Principal %s is not valid UTF-8", s);
838 free(s);
839 return ret;
840 }
841
842 ucs2 = malloc(sizeof(ucs2[0]) * ucs2_len);
843 if (ucs2 == NULL) {
844 free(s);
845 return krb5_enomem(context);
846 }
847
848 ret = wind_utf8ucs2(s, ucs2, &ucs2_len);
849 if (ret) {
850 free(ucs2);
851 krb5_set_error_message(context, ret, "Principal %s is not valid UTF-8", s);
852 free(s);
853 return ret;
854 } else
855 free(s);
856
857 s2_len = (ucs2_len + 1) * 2;
858 s2 = malloc(s2_len);
859 if (s2 == NULL) {
860 free(ucs2);
861 return krb5_enomem(context);
862 }
863
864 flags = WIND_RW_LE;
865 ret = wind_ucs2write(ucs2, ucs2_len,
866 &flags, s2, &s2_len);
867 free(ucs2);
868 if (ret) {
869 free(s2);
870 krb5_set_error_message(context, ret, "Failed to write to UCS-2 buffer");
871 return ret;
872 }
873
874 /*
875 * we do not want zero termination
876 */
877 s2_len = ucs2_len * 2;
878 }
879
880 CHECK(ret, krb5_store_uint16(sp, s2_len), out);
881
882 ret = krb5_storage_write(sp, s2, s2_len);
883 free(s2);
884 if (ret != (int)s2_len) {
885 ret = krb5_enomem(context);
886 goto out;
887 }
888 ret = krb5_storage_to_data(sp, logon);
889 if (ret)
890 goto out;
891 krb5_storage_free(sp);
892
893 return 0;
894 out:
895 krb5_storage_free(sp);
896 return ret;
897 }
898
899
900 /**
901 * Verify the PAC.
902 *
903 * @param context Kerberos 5 context.
904 * @param pac the pac structure returned by krb5_pac_parse().
905 * @param authtime The time of the ticket the PAC belongs to.
906 * @param principal the principal to verify.
907 * @param server The service key, most always be given.
908 * @param privsvr The KDC key, may be given.
909
910 * @return Returns 0 to indicate success. Otherwise an kerberos et
911 * error code is returned, see krb5_get_error_message().
912 *
913 * @ingroup krb5_pac
914 */
915
916 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_pac_verify(krb5_context context,const krb5_pac pac,time_t authtime,krb5_const_principal principal,const krb5_keyblock * server,const krb5_keyblock * privsvr)917 krb5_pac_verify(krb5_context context,
918 const krb5_pac pac,
919 time_t authtime,
920 krb5_const_principal principal,
921 const krb5_keyblock *server,
922 const krb5_keyblock *privsvr)
923 {
924 krb5_error_code ret;
925
926 if (pac->server_checksum == NULL) {
927 krb5_set_error_message(context, EINVAL, "PAC missing server checksum");
928 return EINVAL;
929 }
930 if (pac->privsvr_checksum == NULL) {
931 krb5_set_error_message(context, EINVAL, "PAC missing kdc checksum");
932 return EINVAL;
933 }
934 if (pac->logon_name == NULL) {
935 krb5_set_error_message(context, EINVAL, "PAC missing logon name");
936 return EINVAL;
937 }
938
939 ret = verify_logonname(context,
940 pac->logon_name,
941 &pac->data,
942 authtime,
943 principal);
944 if (ret)
945 return ret;
946
947 /*
948 * in the service case, clean out data option of the privsvr and
949 * server checksum before checking the checksum.
950 */
951 {
952 krb5_data *copy;
953
954 if (pac->server_checksum->buffersize < 4 ||
955 pac->privsvr_checksum->buffersize < 4)
956 return EINVAL;
957
958 ret = krb5_copy_data(context, &pac->data, ©);
959 if (ret)
960 return ret;
961
962 memset((char *)copy->data + pac->server_checksum->offset_lo + 4,
963 0,
964 pac->server_checksum->buffersize - 4);
965
966 memset((char *)copy->data + pac->privsvr_checksum->offset_lo + 4,
967 0,
968 pac->privsvr_checksum->buffersize - 4);
969
970 ret = verify_checksum(context,
971 pac->server_checksum,
972 &pac->data,
973 copy->data,
974 copy->length,
975 server);
976 krb5_free_data(context, copy);
977 if (ret)
978 return ret;
979 }
980 if (privsvr) {
981 /* The priv checksum covers the server checksum */
982 ret = verify_checksum(context,
983 pac->privsvr_checksum,
984 &pac->data,
985 (char *)pac->data.data
986 + pac->server_checksum->offset_lo + 4,
987 pac->server_checksum->buffersize - 4,
988 privsvr);
989 if (ret)
990 return ret;
991 }
992
993 return 0;
994 }
995
996 /*
997 *
998 */
999
1000 static krb5_error_code
fill_zeros(krb5_context context,krb5_storage * sp,size_t len)1001 fill_zeros(krb5_context context, krb5_storage *sp, size_t len)
1002 {
1003 ssize_t sret;
1004 size_t l;
1005
1006 while (len) {
1007 l = len;
1008 if (l > sizeof(zeros))
1009 l = sizeof(zeros);
1010 sret = krb5_storage_write(sp, zeros, l);
1011 if (sret <= 0)
1012 return krb5_enomem(context);
1013
1014 len -= sret;
1015 }
1016 return 0;
1017 }
1018
1019 static krb5_error_code
pac_checksum(krb5_context context,const krb5_keyblock * key,uint32_t * cksumtype,size_t * cksumsize)1020 pac_checksum(krb5_context context,
1021 const krb5_keyblock *key,
1022 uint32_t *cksumtype,
1023 size_t *cksumsize)
1024 {
1025 krb5_cksumtype cktype;
1026 krb5_error_code ret;
1027 krb5_crypto crypto = NULL;
1028
1029 ret = krb5_crypto_init(context, key, 0, &crypto);
1030 if (ret)
1031 return ret;
1032
1033 ret = krb5_crypto_get_checksum_type(context, crypto, &cktype);
1034 krb5_crypto_destroy(context, crypto);
1035 if (ret)
1036 return ret;
1037
1038 if (krb5_checksum_is_keyed(context, cktype) == FALSE) {
1039 *cksumtype = CKSUMTYPE_HMAC_MD5;
1040 *cksumsize = 16;
1041 }
1042
1043 ret = krb5_checksumsize(context, cktype, cksumsize);
1044 if (ret)
1045 return ret;
1046
1047 *cksumtype = (uint32_t)cktype;
1048
1049 return 0;
1050 }
1051
1052 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_pac_sign(krb5_context context,krb5_pac p,time_t authtime,krb5_principal principal,const krb5_keyblock * server_key,const krb5_keyblock * priv_key,krb5_data * data)1053 _krb5_pac_sign(krb5_context context,
1054 krb5_pac p,
1055 time_t authtime,
1056 krb5_principal principal,
1057 const krb5_keyblock *server_key,
1058 const krb5_keyblock *priv_key,
1059 krb5_data *data)
1060 {
1061 krb5_error_code ret;
1062 krb5_storage *sp = NULL, *spdata = NULL;
1063 uint32_t end;
1064 size_t server_size, priv_size;
1065 uint32_t server_offset = 0, priv_offset = 0;
1066 uint32_t server_cksumtype = 0, priv_cksumtype = 0;
1067 uint32_t num = 0;
1068 uint32_t i;
1069 krb5_data logon, d;
1070
1071 krb5_data_zero(&logon);
1072
1073 for (i = 0; i < p->pac->numbuffers; i++) {
1074 if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
1075 if (p->server_checksum == NULL) {
1076 p->server_checksum = &p->pac->buffers[i];
1077 }
1078 if (p->server_checksum != &p->pac->buffers[i]) {
1079 ret = EINVAL;
1080 krb5_set_error_message(context, ret,
1081 N_("PAC have two server checksums", ""));
1082 goto out;
1083 }
1084 } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
1085 if (p->privsvr_checksum == NULL) {
1086 p->privsvr_checksum = &p->pac->buffers[i];
1087 }
1088 if (p->privsvr_checksum != &p->pac->buffers[i]) {
1089 ret = EINVAL;
1090 krb5_set_error_message(context, ret,
1091 N_("PAC have two KDC checksums", ""));
1092 goto out;
1093 }
1094 } else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
1095 if (p->logon_name == NULL) {
1096 p->logon_name = &p->pac->buffers[i];
1097 }
1098 if (p->logon_name != &p->pac->buffers[i]) {
1099 ret = EINVAL;
1100 krb5_set_error_message(context, ret,
1101 N_("PAC have two logon names", ""));
1102 goto out;
1103 }
1104 }
1105 }
1106
1107 if (p->logon_name == NULL)
1108 num++;
1109 if (p->server_checksum == NULL)
1110 num++;
1111 if (p->privsvr_checksum == NULL)
1112 num++;
1113
1114 if (num) {
1115 void *ptr;
1116 uint32_t len;
1117
1118 if (p->pac->numbuffers > UINT32_MAX - num) {
1119 ret = EINVAL;
1120 krb5_set_error_message(context, ret, "integer overrun");
1121 goto out;
1122 }
1123 ret = pac_header_size(context, p->pac->numbuffers + num, &len);
1124 if (ret)
1125 goto out;
1126
1127 ptr = realloc(p->pac, len);
1128 if (ptr == NULL)
1129 return krb5_enomem(context);
1130
1131 p->pac = ptr;
1132
1133 if (p->logon_name == NULL) {
1134 p->logon_name = &p->pac->buffers[p->pac->numbuffers++];
1135 memset(p->logon_name, 0, sizeof(*p->logon_name));
1136 p->logon_name->type = PAC_LOGON_NAME;
1137 }
1138 if (p->server_checksum == NULL) {
1139 p->server_checksum = &p->pac->buffers[p->pac->numbuffers++];
1140 memset(p->server_checksum, 0, sizeof(*p->server_checksum));
1141 p->server_checksum->type = PAC_SERVER_CHECKSUM;
1142 }
1143 if (p->privsvr_checksum == NULL) {
1144 p->privsvr_checksum = &p->pac->buffers[p->pac->numbuffers++];
1145 memset(p->privsvr_checksum, 0, sizeof(*p->privsvr_checksum));
1146 p->privsvr_checksum->type = PAC_PRIVSVR_CHECKSUM;
1147 }
1148 }
1149
1150 /* Calculate LOGON NAME */
1151 ret = build_logon_name(context, authtime, principal, &logon);
1152 if (ret)
1153 goto out;
1154
1155 /* Set lengths for checksum */
1156 ret = pac_checksum(context, server_key, &server_cksumtype, &server_size);
1157 if (ret)
1158 goto out;
1159 ret = pac_checksum(context, priv_key, &priv_cksumtype, &priv_size);
1160 if (ret)
1161 goto out;
1162
1163 /* Encode PAC */
1164 sp = krb5_storage_emem();
1165 if (sp == NULL)
1166 return krb5_enomem(context);
1167
1168 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
1169
1170 spdata = krb5_storage_emem();
1171 if (spdata == NULL) {
1172 krb5_storage_free(sp);
1173 return krb5_enomem(context);
1174 }
1175 krb5_storage_set_flags(spdata, KRB5_STORAGE_BYTEORDER_LE);
1176
1177 CHECK(ret, krb5_store_uint32(sp, p->pac->numbuffers), out);
1178 CHECK(ret, krb5_store_uint32(sp, p->pac->version), out);
1179
1180 ret = pac_header_size(context, p->pac->numbuffers, &end);
1181 if (ret)
1182 goto out;
1183
1184 for (i = 0; i < p->pac->numbuffers; i++) {
1185 uint32_t len;
1186 size_t sret;
1187 void *ptr = NULL;
1188
1189 /* store data */
1190
1191 if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
1192 if (server_size > UINT32_MAX - 4) {
1193 ret = EINVAL;
1194 krb5_set_error_message(context, ret, "integer overrun");
1195 goto out;
1196 }
1197 if (end > UINT32_MAX - 4) {
1198 ret = EINVAL;
1199 krb5_set_error_message(context, ret, "integer overrun");
1200 goto out;
1201 }
1202 len = server_size + 4;
1203 server_offset = end + 4;
1204 CHECK(ret, krb5_store_uint32(spdata, server_cksumtype), out);
1205 CHECK(ret, fill_zeros(context, spdata, server_size), out);
1206 } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
1207 if (priv_size > UINT32_MAX - 4) {
1208 ret = EINVAL;
1209 krb5_set_error_message(context, ret, "integer overrun");
1210 goto out;
1211 }
1212 if (end > UINT32_MAX - 4) {
1213 ret = EINVAL;
1214 krb5_set_error_message(context, ret, "integer overrun");
1215 goto out;
1216 }
1217 len = priv_size + 4;
1218 priv_offset = end + 4;
1219 CHECK(ret, krb5_store_uint32(spdata, priv_cksumtype), out);
1220 CHECK(ret, fill_zeros(context, spdata, priv_size), out);
1221 } else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
1222 len = krb5_storage_write(spdata, logon.data, logon.length);
1223 if (logon.length != len) {
1224 ret = EINVAL;
1225 goto out;
1226 }
1227 } else {
1228 len = p->pac->buffers[i].buffersize;
1229 ptr = (char *)p->data.data + p->pac->buffers[i].offset_lo;
1230
1231 sret = krb5_storage_write(spdata, ptr, len);
1232 if (sret != len) {
1233 ret = krb5_enomem(context);
1234 goto out;
1235 }
1236 /* XXX if not aligned, fill_zeros */
1237 }
1238
1239 /* write header */
1240 CHECK(ret, krb5_store_uint32(sp, p->pac->buffers[i].type), out);
1241 CHECK(ret, krb5_store_uint32(sp, len), out);
1242 CHECK(ret, krb5_store_uint32(sp, end), out);
1243 CHECK(ret, krb5_store_uint32(sp, 0), out);
1244
1245 /* advance data endpointer and align */
1246 {
1247 uint32_t e;
1248
1249 if (end > UINT32_MAX - len) {
1250 ret = EINVAL;
1251 krb5_set_error_message(context, ret, "integer overrun");
1252 goto out;
1253 }
1254 end += len;
1255
1256 ret = pac_aligned_size(context, end, &e);
1257 if (ret)
1258 goto out;
1259
1260 if (end != e) {
1261 CHECK(ret, fill_zeros(context, spdata, e - end), out);
1262 }
1263 end = e;
1264 }
1265
1266 }
1267
1268 /* assert (server_offset != 0 && priv_offset != 0); */
1269
1270 /* export PAC */
1271 ret = krb5_storage_to_data(spdata, &d);
1272 if (ret) {
1273 krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
1274 goto out;
1275 }
1276 ret = krb5_storage_write(sp, d.data, d.length);
1277 if (ret != (int)d.length) {
1278 krb5_data_free(&d);
1279 ret = krb5_enomem(context);
1280 goto out;
1281 }
1282 krb5_data_free(&d);
1283
1284 ret = krb5_storage_to_data(sp, &d);
1285 if (ret) {
1286 ret = krb5_enomem(context);
1287 goto out;
1288 }
1289
1290 /* sign */
1291 ret = create_checksum(context, server_key, server_cksumtype,
1292 d.data, d.length,
1293 (char *)d.data + server_offset, server_size);
1294 if (ret) {
1295 krb5_data_free(&d);
1296 goto out;
1297 }
1298 ret = create_checksum(context, priv_key, priv_cksumtype,
1299 (char *)d.data + server_offset, server_size,
1300 (char *)d.data + priv_offset, priv_size);
1301 if (ret) {
1302 krb5_data_free(&d);
1303 goto out;
1304 }
1305
1306 /* done */
1307 *data = d;
1308
1309 krb5_data_free(&logon);
1310 krb5_storage_free(sp);
1311 krb5_storage_free(spdata);
1312
1313 return 0;
1314 out:
1315 krb5_data_free(&logon);
1316 if (sp)
1317 krb5_storage_free(sp);
1318 if (spdata)
1319 krb5_storage_free(spdata);
1320 return ret;
1321 }
1322