1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22
23 /*
24 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
25 * Use is subject to license terms.
26 */
27 /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
28 /* All Rights Reserved */
29 /*
30 * Portions of this source code were derived from Berkeley
31 * 4.3 BSD under license from the Regents of the University of
32 * California.
33 */
34
35 #pragma ident "%Z%%M% %I% %E% SMI"
36
37 /*
38 * auth_des.c, client-side implementation of DES authentication
39 *
40 */
41
42 #include "mt.h"
43 #include "rpc_mt.h"
44 #include <rpc/rpc.h>
45 #include <rpc/des_crypt.h>
46 #include <syslog.h>
47 #include <stdlib.h>
48 #include <string.h>
49 #include <synch.h>
50 #undef NIS
51 #include <rpcsvc/nis.h>
52
53 #define USEC_PER_SEC 1000000
54 #define RTIME_TIMEOUT 5 /* seconds to wait for sync */
55
56 extern bool_t xdr_authdes_cred(XDR *, struct authdes_cred *);
57 extern bool_t xdr_authdes_verf(XDR *, struct authdes_verf *);
58 extern int key_encryptsession_pk(const char *, netobj *, des_block *);
59
60 extern bool_t __rpc_get_time_offset(struct timeval *, nis_server *, char *,
61 char **, char **);
62 static struct auth_ops *authdes_ops(void);
63 static bool_t authdes_refresh(AUTH *, void *);
64
65 /*
66 * This struct is pointed to by the ah_private field of an "AUTH *"
67 */
68 struct ad_private {
69 char *ad_fullname; /* client's full name */
70 uint_t ad_fullnamelen; /* length of name, rounded up */
71 char *ad_servername; /* server's full name */
72 size_t ad_servernamelen; /* length of name, rounded up */
73 uint_t ad_window; /* client specified window */
74 bool_t ad_dosync; /* synchronize? */
75 char *ad_timehost; /* remote host to sync with */
76 struct timeval ad_timediff; /* server's time - client's time */
77 uint_t ad_nickname; /* server's nickname for client */
78 struct authdes_cred ad_cred; /* storage for credential */
79 struct authdes_verf ad_verf; /* storage for verifier */
80 struct timeval ad_timestamp; /* timestamp sent */
81 des_block ad_xkey; /* encrypted conversation key */
82 uchar_t ad_pkey[1024]; /* Servers actual public key */
83 char *ad_netid; /* Timehost netid */
84 char *ad_uaddr; /* Timehost uaddr */
85 nis_server *ad_nis_srvr; /* NIS+ server struct */
86 };
87
88 extern AUTH *authdes_pk_seccreate(const char *, netobj *, uint_t, const char *,
89 const des_block *, nis_server *);
90
91 /*
92 * documented version of authdes_seccreate
93 */
94 /*
95 * servername: network name of server
96 * win: time to live
97 * timehost: optional hostname to sync with
98 * ckey: optional conversation key to use
99 */
100
101 AUTH *
authdes_seccreate(const char * servername,const uint_t win,const char * timehost,const des_block * ckey)102 authdes_seccreate(const char *servername, const uint_t win,
103 const char *timehost, const des_block *ckey)
104 {
105 uchar_t pkey_data[1024];
106 netobj pkey;
107
108 if (!getpublickey(servername, (char *)pkey_data)) {
109 syslog(LOG_ERR,
110 "authdes_seccreate: no public key found for %s",
111 servername);
112
113 return (NULL);
114 }
115
116 pkey.n_bytes = (char *)pkey_data;
117 pkey.n_len = (uint_t)strlen((char *)pkey_data) + 1;
118 return (authdes_pk_seccreate(servername, &pkey, win, timehost,
119 ckey, NULL));
120 }
121
122 /*
123 * Slightly modified version of authdes_seccreate which takes the public key
124 * of the server principal as an argument. This spares us a call to
125 * getpublickey() which in the nameserver context can cause a deadlock.
126 */
127
128 AUTH *
authdes_pk_seccreate(const char * servername,netobj * pkey,uint_t window,const char * timehost,const des_block * ckey,nis_server * srvr)129 authdes_pk_seccreate(const char *servername, netobj *pkey, uint_t window,
130 const char *timehost, const des_block *ckey, nis_server *srvr)
131 {
132 AUTH *auth;
133 struct ad_private *ad;
134 char namebuf[MAXNETNAMELEN+1];
135
136 /*
137 * Allocate everything now
138 */
139 auth = malloc(sizeof (AUTH));
140 if (auth == NULL) {
141 syslog(LOG_ERR, "authdes_pk_seccreate: out of memory");
142 return (NULL);
143 }
144 ad = malloc(sizeof (struct ad_private));
145 if (ad == NULL) {
146 syslog(LOG_ERR, "authdes_pk_seccreate: out of memory");
147 goto failed;
148 }
149 ad->ad_fullname = ad->ad_servername = NULL; /* Sanity reasons */
150 ad->ad_timehost = NULL;
151 ad->ad_netid = NULL;
152 ad->ad_uaddr = NULL;
153 ad->ad_nis_srvr = NULL;
154 ad->ad_timediff.tv_sec = 0;
155 ad->ad_timediff.tv_usec = 0;
156 (void) memcpy(ad->ad_pkey, pkey->n_bytes, pkey->n_len);
157 if (!getnetname(namebuf))
158 goto failed;
159 ad->ad_fullnamelen = RNDUP((uint_t)strlen(namebuf));
160 ad->ad_fullname = malloc(ad->ad_fullnamelen + 1);
161 ad->ad_servernamelen = strlen(servername);
162 ad->ad_servername = malloc(ad->ad_servernamelen + 1);
163
164 if (ad->ad_fullname == NULL || ad->ad_servername == NULL) {
165 syslog(LOG_ERR, "authdes_seccreate: out of memory");
166 goto failed;
167 }
168 if (timehost != NULL) {
169 ad->ad_timehost = malloc(strlen(timehost) + 1);
170 if (ad->ad_timehost == NULL) {
171 syslog(LOG_ERR, "authdes_seccreate: out of memory");
172 goto failed;
173 }
174 (void) memcpy(ad->ad_timehost, timehost, strlen(timehost) + 1);
175 ad->ad_dosync = TRUE;
176 } else if (srvr != NULL) {
177 ad->ad_nis_srvr = srvr; /* transient */
178 ad->ad_dosync = TRUE;
179 } else {
180 ad->ad_dosync = FALSE;
181 }
182 (void) memcpy(ad->ad_fullname, namebuf, ad->ad_fullnamelen + 1);
183 (void) memcpy(ad->ad_servername, servername, ad->ad_servernamelen + 1);
184 ad->ad_window = window;
185 if (ckey == NULL) {
186 if (key_gendes(&auth->ah_key) < 0) {
187 syslog(LOG_ERR,
188 "authdes_seccreate: keyserv(1m) is unable to generate session key");
189 goto failed;
190 }
191 } else
192 auth->ah_key = *ckey;
193
194 /*
195 * Set up auth handle
196 */
197 auth->ah_cred.oa_flavor = AUTH_DES;
198 auth->ah_verf.oa_flavor = AUTH_DES;
199 auth->ah_ops = authdes_ops();
200 auth->ah_private = (caddr_t)ad;
201
202 if (!authdes_refresh(auth, NULL)) {
203 goto failed;
204 }
205 ad->ad_nis_srvr = NULL; /* not needed any longer */
206 return (auth);
207
208 failed:
209 if (auth)
210 free(auth);
211 if (ad) {
212 if (ad->ad_fullname)
213 free(ad->ad_fullname);
214 if (ad->ad_servername)
215 free(ad->ad_servername);
216 if (ad->ad_timehost)
217 free(ad->ad_timehost);
218 if (ad->ad_netid)
219 free(ad->ad_netid);
220 if (ad->ad_uaddr)
221 free(ad->ad_uaddr);
222 free(ad);
223 }
224 return (NULL);
225 }
226
227 /*
228 * Implement the five authentication operations
229 */
230
231 /*
232 * 1. Next Verifier
233 */
234 /*ARGSUSED*/
235 static void
authdes_nextverf(AUTH * auth)236 authdes_nextverf(AUTH *auth)
237 {
238 /* what the heck am I supposed to do??? */
239 }
240
241
242 /*
243 * 2. Marshal
244 */
245 static bool_t
authdes_marshal(AUTH * auth,XDR * xdrs)246 authdes_marshal(AUTH *auth, XDR *xdrs)
247 {
248 /* LINTED pointer alignment */
249 struct ad_private *ad = (struct ad_private *)auth->ah_private;
250 struct authdes_cred *cred = &ad->ad_cred;
251 struct authdes_verf *verf = &ad->ad_verf;
252 des_block cryptbuf[2];
253 des_block ivec;
254 int status;
255 int len;
256 rpc_inline_t *ixdr;
257
258 /*
259 * Figure out the "time", accounting for any time difference
260 * with the server if necessary.
261 */
262 (void) gettimeofday(&ad->ad_timestamp, NULL);
263 ad->ad_timestamp.tv_sec += ad->ad_timediff.tv_sec;
264 ad->ad_timestamp.tv_usec += ad->ad_timediff.tv_usec;
265 while (ad->ad_timestamp.tv_usec >= USEC_PER_SEC) {
266 ad->ad_timestamp.tv_usec -= USEC_PER_SEC;
267 ad->ad_timestamp.tv_sec++;
268 }
269
270 /*
271 * XDR the timestamp and possibly some other things, then
272 * encrypt them.
273 */
274 ixdr = (rpc_inline_t *)cryptbuf;
275 IXDR_PUT_INT32(ixdr, ad->ad_timestamp.tv_sec);
276 IXDR_PUT_INT32(ixdr, ad->ad_timestamp.tv_usec);
277 if (ad->ad_cred.adc_namekind == ADN_FULLNAME) {
278 IXDR_PUT_U_INT32(ixdr, ad->ad_window);
279 IXDR_PUT_U_INT32(ixdr, ad->ad_window - 1);
280 ivec.key.high = ivec.key.low = 0;
281 status = cbc_crypt((char *)&auth->ah_key, (char *)cryptbuf,
282 2 * sizeof (des_block),
283 DES_ENCRYPT | DES_HW, (char *)&ivec);
284 } else {
285 status = ecb_crypt((char *)&auth->ah_key, (char *)cryptbuf,
286 sizeof (des_block),
287 DES_ENCRYPT | DES_HW);
288 }
289 if (DES_FAILED(status)) {
290 syslog(LOG_ERR, "authdes_marshal: DES encryption failure");
291 return (FALSE);
292 }
293 ad->ad_verf.adv_xtimestamp = cryptbuf[0];
294 if (ad->ad_cred.adc_namekind == ADN_FULLNAME) {
295 ad->ad_cred.adc_fullname.window = cryptbuf[1].key.high;
296 ad->ad_verf.adv_winverf = cryptbuf[1].key.low;
297 } else {
298 ad->ad_cred.adc_nickname = ad->ad_nickname;
299 ad->ad_verf.adv_winverf = 0;
300 }
301
302 /*
303 * Serialize the credential and verifier into opaque
304 * authentication data.
305 */
306 if (ad->ad_cred.adc_namekind == ADN_FULLNAME) {
307 len = ((1 + 1 + 2 + 1)*BYTES_PER_XDR_UNIT + ad->ad_fullnamelen);
308 } else {
309 len = (1 + 1)*BYTES_PER_XDR_UNIT;
310 }
311
312 if (ixdr = xdr_inline(xdrs, 2*BYTES_PER_XDR_UNIT)) {
313 IXDR_PUT_INT32(ixdr, AUTH_DES);
314 IXDR_PUT_INT32(ixdr, len);
315 } else {
316 if (!xdr_putint32(xdrs, (int *)&auth->ah_cred.oa_flavor))
317 return (FALSE);
318 if (!xdr_putint32(xdrs, &len))
319 return (FALSE);
320 }
321 if (!xdr_authdes_cred(xdrs, cred))
322 return (FALSE);
323
324 len = (2 + 1)*BYTES_PER_XDR_UNIT;
325 if (ixdr = xdr_inline(xdrs, 2*BYTES_PER_XDR_UNIT)) {
326 IXDR_PUT_INT32(ixdr, AUTH_DES);
327 IXDR_PUT_INT32(ixdr, len);
328 } else {
329 if (!xdr_putint32(xdrs, (int *)&auth->ah_verf.oa_flavor))
330 return (FALSE);
331 if (!xdr_putint32(xdrs, &len))
332 return (FALSE);
333 }
334 return (xdr_authdes_verf(xdrs, verf));
335 }
336
337
338 /*
339 * 3. Validate
340 */
341 static bool_t
authdes_validate(AUTH * auth,struct opaque_auth * rverf)342 authdes_validate(AUTH *auth, struct opaque_auth *rverf)
343 {
344 /* LINTED pointer alignment */
345 struct ad_private *ad = (struct ad_private *)auth->ah_private;
346 struct authdes_verf verf;
347 int status;
348 uint32_t *ixdr;
349 des_block buf;
350
351 if (rverf->oa_length != (2 + 1) * BYTES_PER_XDR_UNIT)
352 return (FALSE);
353 /* LINTED pointer alignment */
354 ixdr = (uint32_t *)rverf->oa_base;
355 buf.key.high = (uint32_t)*ixdr++;
356 buf.key.low = (uint32_t)*ixdr++;
357 verf.adv_int_u = (uint32_t)*ixdr++;
358
359 /*
360 * Decrypt the timestamp
361 */
362 status = ecb_crypt((char *)&auth->ah_key, (char *)&buf,
363 sizeof (des_block), DES_DECRYPT | DES_HW);
364
365 if (DES_FAILED(status)) {
366 syslog(LOG_ERR, "authdes_validate: DES decryption failure");
367 return (FALSE);
368 }
369
370 /*
371 * xdr the decrypted timestamp
372 */
373 /* LINTED pointer alignment */
374 ixdr = (uint32_t *)buf.c;
375 verf.adv_timestamp.tv_sec = IXDR_GET_INT32(ixdr) + 1;
376 verf.adv_timestamp.tv_usec = IXDR_GET_INT32(ixdr);
377
378 /*
379 * validate
380 */
381 if (memcmp(&ad->ad_timestamp, &verf.adv_timestamp,
382 sizeof (struct timeval)) != 0) {
383 syslog(LOG_DEBUG, "authdes_validate: verifier mismatch");
384 return (FALSE);
385 }
386
387 /*
388 * We have a nickname now, let's use it
389 */
390 ad->ad_nickname = verf.adv_nickname;
391 ad->ad_cred.adc_namekind = ADN_NICKNAME;
392 return (TRUE);
393 }
394
395 /*
396 * 4. Refresh
397 */
398 /*ARGSUSED*/
399 static bool_t
authdes_refresh(AUTH * auth,void * dummy)400 authdes_refresh(AUTH *auth, void *dummy)
401 {
402 /* LINTED pointer alignment */
403 struct ad_private *ad = (struct ad_private *)auth->ah_private;
404 struct authdes_cred *cred = &ad->ad_cred;
405 int ok;
406 netobj pkey;
407
408 if (ad->ad_dosync) {
409 ok = __rpc_get_time_offset(&ad->ad_timediff, ad->ad_nis_srvr,
410 ad->ad_timehost, &(ad->ad_uaddr),
411 &(ad->ad_netid));
412 if (!ok) {
413 /*
414 * Hope the clocks are synced!
415 */
416 ad->ad_dosync = 0;
417 syslog(LOG_DEBUG,
418 "authdes_refresh: unable to synchronize clock");
419 }
420 }
421 ad->ad_xkey = auth->ah_key;
422 pkey.n_bytes = (char *)(ad->ad_pkey);
423 pkey.n_len = (uint_t)strlen((char *)ad->ad_pkey) + 1;
424 if (key_encryptsession_pk(ad->ad_servername, &pkey, &ad->ad_xkey) < 0) {
425 syslog(LOG_INFO,
426 "authdes_refresh: keyserv(1m) is unable to encrypt session key");
427 return (FALSE);
428 }
429 cred->adc_fullname.key = ad->ad_xkey;
430 cred->adc_namekind = ADN_FULLNAME;
431 cred->adc_fullname.name = ad->ad_fullname;
432 return (TRUE);
433 }
434
435
436 /*
437 * 5. Destroy
438 */
439 static void
authdes_destroy(AUTH * auth)440 authdes_destroy(AUTH *auth)
441 {
442 /* LINTED pointer alignment */
443 struct ad_private *ad = (struct ad_private *)auth->ah_private;
444
445 free(ad->ad_fullname);
446 free(ad->ad_servername);
447 if (ad->ad_timehost)
448 free(ad->ad_timehost);
449 if (ad->ad_netid)
450 free(ad->ad_netid);
451 if (ad->ad_uaddr)
452 free(ad->ad_uaddr);
453 free(ad);
454 free(auth);
455 }
456
457 static struct auth_ops *
authdes_ops(void)458 authdes_ops(void)
459 {
460 static struct auth_ops ops;
461 extern mutex_t ops_lock;
462
463 /* VARIABLES PROTECTED BY ops_lock: ops */
464
465 (void) mutex_lock(&ops_lock);
466 if (ops.ah_nextverf == NULL) {
467 ops.ah_nextverf = authdes_nextverf;
468 ops.ah_marshal = authdes_marshal;
469 ops.ah_validate = authdes_validate;
470 ops.ah_refresh = authdes_refresh;
471 ops.ah_destroy = authdes_destroy;
472 }
473 (void) mutex_unlock(&ops_lock);
474 return (&ops);
475 }
476