xref: /netbsd-src/crypto/external/bsd/heimdal/dist/lib/krb5/rd_cred.c (revision 241bea01a19bbb306af27777a870b86d41cb3fda)
1*241bea01Schristos /*	$NetBSD: rd_cred.c,v 1.3 2019/12/15 22:50:50 christos Exp $	*/
2ca1c9b0cSelric 
3ca1c9b0cSelric /*
4ca1c9b0cSelric  * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
5ca1c9b0cSelric  * (Royal Institute of Technology, Stockholm, Sweden).
6ca1c9b0cSelric  * All rights reserved.
7ca1c9b0cSelric  *
8ca1c9b0cSelric  * Redistribution and use in source and binary forms, with or without
9ca1c9b0cSelric  * modification, are permitted provided that the following conditions
10ca1c9b0cSelric  * are met:
11ca1c9b0cSelric  *
12ca1c9b0cSelric  * 1. Redistributions of source code must retain the above copyright
13ca1c9b0cSelric  *    notice, this list of conditions and the following disclaimer.
14ca1c9b0cSelric  *
15ca1c9b0cSelric  * 2. Redistributions in binary form must reproduce the above copyright
16ca1c9b0cSelric  *    notice, this list of conditions and the following disclaimer in the
17ca1c9b0cSelric  *    documentation and/or other materials provided with the distribution.
18ca1c9b0cSelric  *
19ca1c9b0cSelric  * 3. Neither the name of the Institute nor the names of its contributors
20ca1c9b0cSelric  *    may be used to endorse or promote products derived from this software
21ca1c9b0cSelric  *    without specific prior written permission.
22ca1c9b0cSelric  *
23ca1c9b0cSelric  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24ca1c9b0cSelric  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25ca1c9b0cSelric  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26ca1c9b0cSelric  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27ca1c9b0cSelric  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28ca1c9b0cSelric  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29ca1c9b0cSelric  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30ca1c9b0cSelric  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31ca1c9b0cSelric  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32ca1c9b0cSelric  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33ca1c9b0cSelric  * SUCH DAMAGE.
34ca1c9b0cSelric  */
35ca1c9b0cSelric 
36ca1c9b0cSelric #include "krb5_locl.h"
37ca1c9b0cSelric 
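/*
 * Compare two addresses and record a descriptive error when they differ.
 *
 * Returns 0 when krb5_address_compare() reports a and b as equal.
 * Otherwise sets the context error message to "<message>: <b> != <a>"
 * and returns KRB5KRB_AP_ERR_BADADDR.
 */
static krb5_error_code
compare_addrs(krb5_context context,
	      krb5_address *a,
	      krb5_address *b,
	      const char *message)
{
    char a_str[64], b_str[64];
    size_t len;

    if (krb5_address_compare(context, a, b))
	return 0;

    /*
     * Both strings are fed to "%s" below, and the callers in this file
     * pass an address taken from a received KRB-CRED as b.  What
     * krb5_print_address() leaves in the buffer on failure is not visible
     * here, so make sure each buffer always holds a terminated string
     * instead of indeterminate stack bytes.
     */
    a_str[0] = '\0';
    b_str[0] = '\0';
    if (krb5_print_address(a, a_str, sizeof(a_str), &len) != 0)
	a_str[0] = '\0';
    if (krb5_print_address(b, b_str, sizeof(b_str), &len) != 0)
	b_str[0] = '\0';

    krb5_set_error_message(context, KRB5KRB_AP_ERR_BADADDR,
			   "%s: %s != %s", message, b_str, a_str);
    return KRB5KRB_AP_ERR_BADADDR;
}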
56ca1c9b0cSelric 
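/*
 * Parse a KRB-CRED message and return the credentials it carries.
 *
 * context       Kerberos context; receives the error message on failure.
 * auth_context  supplies the decryption keys (remote_subkey, keyblock),
 *               the addresses/ports to compare against and the flags
 *               that select the timestamp check and the outdata fill-in.
 * in_data       the encoded KRB-CRED message.
 * ret_creds     on success, a NULL-terminated array of allocated
 *               credentials; the caller releases each element with
 *               krb5_free_creds() and the array with free().  Set to NULL
 *               on failure, except for the KRB5_RC_REQUIRED early return,
 *               which leaves it untouched.
 * outdata       filled with timestamp/usec/nonce when
 *               KRB5_AUTH_CONTEXT_RET_TIME or KRB5_AUTH_CONTEXT_RET_SEQUENCE
 *               is set; must be non-NULL in that case.
 *
 * Returns 0 on success or a Kerberos error code.
 *
 * Everything in in_data is peer-controlled.  The sender/receiver address
 * checks only run when the message carries the address and auth_context
 * has a counterpart to compare with, and the timestamp check only runs
 * when KRB5_AUTH_CONTEXT_DO_TIME is set.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_cred(krb5_context context,
	     krb5_auth_context auth_context,
	     krb5_data *in_data,
	     krb5_creds ***ret_creds,
	     krb5_replay_data *outdata)
{
    krb5_error_code ret;
    size_t len;
    KRB_CRED cred;
    EncKrbCredPart enc_krb_cred_part;
    krb5_data enc_krb_cred_part_data;
    krb5_crypto crypto;
    size_t i;

    memset(&enc_krb_cred_part, 0, sizeof(enc_krb_cred_part));
    krb5_data_zero(&enc_krb_cred_part_data);

    if ((auth_context->flags &
	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
	outdata == NULL)
	return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */

    *ret_creds = NULL;

    ret = decode_KRB_CRED(in_data->data, in_data->length,
			  &cred, &len);
    if (ret) {
	krb5_clear_error_message(context);
	return ret;
    }

    if (cred.pvno != 5) {
	ret = KRB5KRB_AP_ERR_BADVERSION;
	krb5_clear_error_message(context);
	goto out;
    }

    if (cred.msg_type != krb_cred) {
	ret = KRB5KRB_AP_ERR_MSG_TYPE;
	krb5_clear_error_message(context);
	goto out;
    }

    if (cred.enc_part.etype == (krb5_enctype)ETYPE_NULL) {
	/*
	 * DK: MIT GSS-API Compatibility
	 *
	 * The cipher field is used as-is: nothing is decrypted and no
	 * integrity check is performed here, so the credential part is
	 * only as trustworthy as the channel that delivered in_data.
	 * The buffer is borrowed from cred, not copied.
	 */
	enc_krb_cred_part_data.length = cred.enc_part.cipher.length;
	enc_krb_cred_part_data.data   = cred.enc_part.cipher.data;
    } else {
	/* Try both subkey and session key.
	 *
	 * RFC4120 claims we should use the session key, but Heimdal
	 * before 0.8 used the remote subkey if it was sent in the
	 * auth_context.
	 */

	if (auth_context->remote_subkey) {
	    ret = krb5_crypto_init(context, auth_context->remote_subkey,
				   0, &crypto);
	    if (ret)
		goto out;

	    ret = krb5_decrypt_EncryptedData(context,
					     crypto,
					     KRB5_KU_KRB_CRED,
					     &cred.enc_part,
					     &enc_krb_cred_part_data);

	    krb5_crypto_destroy(context, crypto);
	}

	/*
	 * If there was no subkey, or we failed using the subkey,
	 * retry using the session key
	 */
	if (auth_context->remote_subkey == NULL ||
	    ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {

	    ret = krb5_crypto_init(context, auth_context->keyblock,
				   0, &crypto);

	    if (ret)
		goto out;

	    ret = krb5_decrypt_EncryptedData(context,
					     crypto,
					     KRB5_KU_KRB_CRED,
					     &cred.enc_part,
					     &enc_krb_cred_part_data);

	    krb5_crypto_destroy(context, crypto);
	}
	if (ret)
	    goto out;
    }

    ret = decode_EncKrbCredPart(enc_krb_cred_part_data.data,
				enc_krb_cred_part_data.length,
				&enc_krb_cred_part,
				&len);
    /* Only free the plaintext when it is not the buffer borrowed from cred. */
    if (enc_krb_cred_part_data.data != cred.enc_part.cipher.data)
	krb5_data_free(&enc_krb_cred_part_data);
    if (ret) {
	krb5_set_error_message(context, ret,
			       N_("Failed to decode "
				  "encrypte credential part", ""));
	goto out;
    }

    /* check sender address */

    if (enc_krb_cred_part.s_address
	&& auth_context->remote_address
	&& auth_context->remote_port) {
	krb5_address *a;

	ret = krb5_make_addrport(context, &a,
				 auth_context->remote_address,
				 auth_context->remote_port);
	if (ret)
	    goto out;

	ret = compare_addrs(context, a, enc_krb_cred_part.s_address,
			    N_("sender address is wrong "
			       "in received creds", ""));
	krb5_free_address(context, a);
	free(a);
	if (ret)
	    goto out;
    }

    /* check receiver address */

    if (enc_krb_cred_part.r_address
	&& auth_context->local_address) {
	if (auth_context->local_port &&
	    enc_krb_cred_part.r_address->addr_type == KRB5_ADDRESS_ADDRPORT) {
	    krb5_address *a;

	    ret = krb5_make_addrport(context, &a,
				     auth_context->local_address,
				     auth_context->local_port);
	    if (ret)
		goto out;

	    ret = compare_addrs(context, a, enc_krb_cred_part.r_address,
				N_("receiver address is wrong "
				   "in received creds", ""));
	    krb5_free_address(context, a);
	    free(a);
	    if (ret)
		goto out;
	} else {
	    ret = compare_addrs(context, auth_context->local_address,
				enc_krb_cred_part.r_address,
				N_("receiver address is wrong "
				   "in received creds", ""));
	    if (ret)
		goto out;
	}
    }

    /* check timestamp */
    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
	krb5_timestamp sec;

	krb5_timeofday(context, &sec);

	/* A missing timestamp or usec is treated like excessive skew. */
	if (enc_krb_cred_part.timestamp == NULL ||
	    enc_krb_cred_part.usec      == NULL ||
	    labs(*enc_krb_cred_part.timestamp - sec)
	    > context->max_skew) {
	    krb5_clear_error_message(context);
	    ret = KRB5KRB_AP_ERR_SKEW;
	    goto out;
	}
    }

    if ((auth_context->flags &
	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
	/* if these fields are not present in the cred-part, silently
	   return zero */
	memset(outdata, 0, sizeof(*outdata));
	if (enc_krb_cred_part.timestamp)
	    outdata->timestamp = *enc_krb_cred_part.timestamp;
	if (enc_krb_cred_part.usec)
	    outdata->usec = *enc_krb_cred_part.usec;
	if (enc_krb_cred_part.nonce)
	    outdata->seq = *enc_krb_cred_part.nonce;
    }

    /*
     * The loop below indexes cred.tickets.val[] with an index bounded by
     * ticket_info.len.  The two sequences are decoded independently and
     * both lengths come from the peer, so a message with fewer tickets
     * than ticket-info entries would read past the end of cred.tickets.
     * Reject it before touching either array.
     * NOTE(review): reuses an error code already used in this file; a
     * more specific code may be preferable.
     */
    if (cred.tickets.len < enc_krb_cred_part.ticket_info.len) {
	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
	krb5_set_error_message(context, ret,
			       "KRB-CRED has fewer tickets than "
			       "ticket-info entries");
	goto out;
    }

    /* Convert to NULL terminated list of creds */

    *ret_creds = calloc(enc_krb_cred_part.ticket_info.len + 1,
			sizeof(**ret_creds));

    if (*ret_creds == NULL) {
	ret = krb5_enomem(context);
	goto out;
    }

    for (i = 0; i < enc_krb_cred_part.ticket_info.len; ++i) {
	KrbCredInfo *kci = &enc_krb_cred_part.ticket_info.val[i];
	krb5_creds *creds;

	creds = calloc(1, sizeof(*creds));
	if (creds == NULL) {
	    ret = krb5_enomem(context);
	    goto out;
	}

	ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length,
			   &cred.tickets.val[i], &len, ret);
	if (ret) {
	    free(creds);
	    goto out;
	}
	if (creds->ticket.length != len)
	    krb5_abortx(context, "internal error in ASN.1 encoder");
	ret = copy_EncryptionKey(&kci->key, &creds->session);
	if (ret) {
	    krb5_free_creds(context, creds);
	    goto out;
	}
	/*
	 * Conversion/copy failures below are propagated rather than
	 * ignored, so a credential with a silently missing principal or
	 * address list is never handed back to the caller.  creds is not
	 * yet in *ret_creds at this point, so it is freed here.
	 */
	if (kci->prealm && kci->pname) {
	    ret = _krb5_principalname2krb5_principal(context,
						     &creds->client,
						     *kci->pname,
						     *kci->prealm);
	    if (ret) {
		krb5_free_creds(context, creds);
		goto out;
	    }
	}
	if (kci->flags)
	    creds->flags.b = *kci->flags;
	if (kci->authtime)
	    creds->times.authtime = *kci->authtime;
	if (kci->starttime)
	    creds->times.starttime = *kci->starttime;
	if (kci->endtime)
	    creds->times.endtime = *kci->endtime;
	if (kci->renew_till)
	    creds->times.renew_till = *kci->renew_till;
	if (kci->srealm && kci->sname) {
	    ret = _krb5_principalname2krb5_principal(context,
						     &creds->server,
						     *kci->sname,
						     *kci->srealm);
	    if (ret) {
		krb5_free_creds(context, creds);
		goto out;
	    }
	}
	if (kci->caddr) {
	    ret = krb5_copy_addresses(context,
				      kci->caddr,
				      &creds->addresses);
	    if (ret) {
		krb5_free_creds(context, creds);
		goto out;
	    }
	}

	(*ret_creds)[i] = creds;

    }
    (*ret_creds)[i] = NULL;

    free_KRB_CRED(&cred);
    free_EncKrbCredPart(&enc_krb_cred_part);

    return 0;

  out:
    free_EncKrbCredPart(&enc_krb_cred_part);
    free_KRB_CRED(&cred);
    if (*ret_creds) {
	/* calloc() zeroed the array, so the first unset slot ends the walk. */
	for (i = 0; (*ret_creds)[i]; i++)
	    krb5_free_creds(context, (*ret_creds)[i]);
	free(*ret_creds);
	*ret_creds = NULL;
    }
    return ret;
}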
327ca1c9b0cSelric 
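/*
 * Parse a KRB-CRED message and store every credential it carries in ccache.
 *
 * Calls krb5_rd_cred() with a NULL outdata, so an auth_context that has
 * KRB5_AUTH_CONTEXT_RET_TIME or KRB5_AUTH_CONTEXT_RET_SEQUENCE set makes
 * this function fail with KRB5_RC_REQUIRED.
 *
 * Returns 0 when the message was parsed and every credential was stored.
 * If parsing fails, that error is returned.  If storing fails, the
 * remaining credentials are still attempted and all of them are freed,
 * and the first store error is returned so the caller does not assume
 * the cache holds credentials that were never written.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_rd_cred2 (krb5_context      context,
	       krb5_auth_context auth_context,
	       krb5_ccache       ccache,
	       krb5_data         *in_data)
{
    krb5_error_code ret;
    krb5_error_code store_ret;
    krb5_creds **creds;
    size_t i;

    ret = krb5_rd_cred(context, auth_context, in_data, &creds, NULL);
    if (ret)
	return ret;

    /* Store the creds in the ccache */

    for (i = 0; creds && creds[i]; i++) {
	store_ret = krb5_cc_store_cred(context, ccache, creds[i]);
	if (store_ret && ret == 0)
	    ret = store_ret;	/* remember the first failure only */
	krb5_free_creds(context, creds[i]);
    }
    free(creds);
    return ret;
}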