xref: /illumos-gate/usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_clnt.c (revision 55fea89dcaa64928bed4327112404dcb3e07b79f)
1 /*
2  * COPYRIGHT (C) 2006,2007
3  * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
4  * ALL RIGHTS RESERVED
5  *
6  * Permission is granted to use, copy, create derivative works
7  * and redistribute this software and such derivative works
8  * for any purpose, so long as the name of The University of
9  * Michigan is not used in any advertising or publicity
10  * pertaining to the use of distribution of this software
11  * without specific, written prior authorization.  If the
12  * above copyright notice or any other identification of the
13  * University of Michigan is included in any copy of any
14  * portion of this software, then the disclaimer below must
15  * also be included.
16  *
17  * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
18  * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
19  * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
20  * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
21  * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
22  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
23  * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
24  * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
25  * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
26  * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
27  * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
28  * SUCH DAMAGES.
29  */
30 
31 /*
32  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
33  */
34 
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <errno.h>
38 #include <unistd.h>
39 #include <string.h>
40 #include <ctype.h>
41 #include <assert.h>
42 #include <dlfcn.h>
43 #include <sys/stat.h>
44 
45 #include "pkinit.h"
46 
47 #ifdef LONGHORN_BETA_COMPAT
48 /*
49  * It is anticipated that all the special checks currently
50  * required when talking to a Longhorn server will go away
51  * by the time it is officially released and all references
52  * to the longhorn global can be removed and any code
53  * #ifdef'd with LONGHORN_BETA_COMPAT can be removed.
54  *
55  * Current testing (20070620) is against a patched Beta 3
56  * version of Longhorn.  Most, if not all, problems should
57  * be fixed in SP1 of Longhorn.
58  */
59 int longhorn = 0;	/* Talking to a Longhorn server? */
60 #endif
61 
62 krb5_error_code pkinit_client_process
63 	(krb5_context context, void *plugin_context, void *request_context,
64 		krb5_get_init_creds_opt *gic_opt,
65 		preauth_get_client_data_proc get_data_proc,
66 		struct _krb5_preauth_client_rock *rock,
67 		krb5_kdc_req * request, krb5_data *encoded_request_body,
68 		krb5_data *encoded_previous_request, krb5_pa_data *in_padata,
69 		krb5_prompter_fct prompter, void *prompter_data,
70 		preauth_get_as_key_proc gak_fct, void *gak_data,
71 		krb5_data * salt, krb5_data * s2kparams,
72 		krb5_keyblock * as_key, krb5_pa_data *** out_padata);
73 
74 krb5_error_code pkinit_client_tryagain
75 	(krb5_context context, void *plugin_context, void *request_context,
76 		krb5_get_init_creds_opt *gic_opt,
77 		preauth_get_client_data_proc get_data_proc,
78 		struct _krb5_preauth_client_rock *rock,
79 		krb5_kdc_req * request, krb5_data *encoded_request_body,
80 		krb5_data *encoded_previous_request,
81 		krb5_pa_data *in_padata, krb5_error *err_reply,
82 		krb5_prompter_fct prompter, void *prompter_data,
83 		preauth_get_as_key_proc gak_fct, void *gak_data,
84 		krb5_data * salt, krb5_data * s2kparams,
85 		krb5_keyblock * as_key, krb5_pa_data *** out_padata);
86 
87 void pkinit_client_req_init
88 	(krb5_context contex, void *plugin_context, void **request_context);
89 
90 void pkinit_client_req_fini
91 	(krb5_context context, void *plugin_context, void *request_context);
92 
93 krb5_error_code pa_pkinit_gen_req
94 	(krb5_context context, pkinit_context plgctx,
95 		pkinit_req_context reqctx, krb5_kdc_req * request,
96 		krb5_pa_data * in_padata, krb5_pa_data *** out_padata,
97 		krb5_prompter_fct prompter, void *prompter_data,
98 		krb5_get_init_creds_opt *gic_opt);
99 
100 krb5_error_code pkinit_as_req_create
101 	(krb5_context context, pkinit_context plgctx,
102 		pkinit_req_context reqctx, krb5_timestamp ctsec,
103 		krb5_int32 cusec, krb5_ui_4 nonce,
104 		const krb5_checksum * cksum, krb5_principal server,
105 		krb5_data ** as_req);
106 
107 krb5_error_code pkinit_as_rep_parse
108 	(krb5_context context, pkinit_context plgctx,
109 		pkinit_req_context reqctx, krb5_preauthtype pa_type,
110 		krb5_kdc_req * request, const krb5_data * as_rep,
111 		krb5_keyblock * key_block, krb5_enctype etype, krb5_data *);
112 
113 krb5_error_code pa_pkinit_parse_rep
114 	(krb5_context context, pkinit_context plgctx,
115 		pkinit_req_context reqcxt, krb5_kdc_req * request,
116 		krb5_pa_data * in_padata, krb5_enctype etype,
117 		krb5_keyblock * as_key, krb5_data *);
118 
119 static int pkinit_client_plugin_init(krb5_context context, void **blob);
120 static void pkinit_client_plugin_fini(krb5_context context, void *blob);
121 
122 /* ARGSUSED */
123 krb5_error_code
pa_pkinit_gen_req(krb5_context context,pkinit_context plgctx,pkinit_req_context reqctx,krb5_kdc_req * request,krb5_pa_data * in_padata,krb5_pa_data *** out_padata,krb5_prompter_fct prompter,void * prompter_data,krb5_get_init_creds_opt * gic_opt)124 pa_pkinit_gen_req(krb5_context context,
125 		  pkinit_context plgctx,
126 		  pkinit_req_context reqctx,
127 		  krb5_kdc_req * request,
128 		  krb5_pa_data * in_padata,
129 		  krb5_pa_data *** out_padata,
130 		  krb5_prompter_fct prompter,
131 		  void *prompter_data,
132 		  krb5_get_init_creds_opt *gic_opt)
133 {
134 
135     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
136     krb5_data *out_data = NULL;
137     krb5_timestamp ctsec = 0;
138     krb5_int32 cusec = 0;
139     krb5_ui_4 nonce = 0;
140     krb5_checksum cksum;
141     krb5_data *der_req = NULL;
142     krb5_pa_data **return_pa_data = NULL;
143 
144     cksum.contents = NULL;
145     reqctx->pa_type = in_padata->pa_type;
146 
147     pkiDebug("kdc_options = 0x%x  till = %d\n",
148 	     request->kdc_options, request->till);
149     /* If we don't have a client, we're done */
150     if (request->client == NULL) {
151 	pkiDebug("No request->client; aborting PKINIT\n");
152 	return KRB5KDC_ERR_PREAUTH_FAILED;
153     }
154 
155     retval = pkinit_get_kdc_cert(context, plgctx->cryptoctx, reqctx->cryptoctx,
156 				 reqctx->idctx, request->server);
157     if (retval) {
158 	pkiDebug("pkinit_get_kdc_cert returned %d\n", retval);
159 	goto cleanup;
160     }
161 
162     /* checksum of the encoded KDC-REQ-BODY */
163     retval = k5int_encode_krb5_kdc_req_body(request, &der_req);
164     if (retval) {
165 	pkiDebug("encode_krb5_kdc_req_body returned %d\n", (int) retval);
166 	goto cleanup;
167     }
168 
169     retval = krb5_c_make_checksum(context, CKSUMTYPE_NIST_SHA, NULL, 0,
170 				  der_req, &cksum);
171     if (retval)
172 	goto cleanup;
173 #ifdef DEBUG_CKSUM
174     pkiDebug("calculating checksum on buf size (%d)\n", der_req->length);
175     print_buffer(der_req->data, der_req->length);
176 #endif
177 
178     retval = krb5_us_timeofday(context, &ctsec, &cusec);
179     if (retval)
180 	goto cleanup;
181 
182     /* XXX PKINIT RFC says that nonce in PKAuthenticator doesn't have be the
183      * same as in the AS_REQ. However, if we pick a different nonce, then we
184      * need to remember that info when AS_REP is returned. I'm choosing to
185      * reuse the AS_REQ nonce.
186      */
187     nonce = request->nonce;
188 
189     retval = pkinit_as_req_create(context, plgctx, reqctx, ctsec, cusec,
190 				  nonce, &cksum, request->server, &out_data);
191     if (retval || !out_data->length) {
192 	pkiDebug("error %d on pkinit_as_req_create; aborting PKINIT\n",
193 		 (int) retval);
194 	goto cleanup;
195     }
196     retval = ENOMEM;
197     /*
198      * The most we'll return is two pa_data, normally just one.
199      * We need to make room for the NULL terminator.
200      */
201     return_pa_data = (krb5_pa_data **) malloc(3 * sizeof(krb5_pa_data *));
202     if (return_pa_data == NULL)
203 	goto cleanup;
204 
205     return_pa_data[1] = NULL;	/* in case of an early trip to cleanup */
206     return_pa_data[2] = NULL;	/* Terminate the list */
207 
208     return_pa_data[0] = (krb5_pa_data *) malloc(sizeof(krb5_pa_data));
209     if (return_pa_data[0] == NULL)
210 	goto cleanup;
211 
212     return_pa_data[1] = (krb5_pa_data *) malloc(sizeof(krb5_pa_data));
213     if (return_pa_data[1] == NULL)
214 	goto cleanup;
215 
216     return_pa_data[0]->magic = KV5M_PA_DATA;
217 
218     if (in_padata->pa_type == KRB5_PADATA_PK_AS_REQ_OLD)
219 	return_pa_data[0]->pa_type = KRB5_PADATA_PK_AS_REP_OLD;
220     else
221 	return_pa_data[0]->pa_type = in_padata->pa_type;
222     return_pa_data[0]->length = out_data->length;
223     return_pa_data[0]->contents = (krb5_octet *) out_data->data;
224 
225 #ifdef LONGHORN_BETA_COMPAT
226     /*
227      * LH Beta 3 requires the extra pa-data, even for RFC requests,
228      * in order to get the Checksum rather than a Nonce in the reply.
229      * This can be removed when LH SP1 is released.
230      */
231     if ((return_pa_data[0]->pa_type == KRB5_PADATA_PK_AS_REP_OLD
232 	&& reqctx->opts->win2k_require_cksum) || (longhorn == 1)) {
233 #else
234     if ((return_pa_data[0]->pa_type == KRB5_PADATA_PK_AS_REP_OLD
235 	&& reqctx->opts->win2k_require_cksum)) {
236 #endif
237 	return_pa_data[1]->pa_type = 132;
238 	return_pa_data[1]->length = 0;
239 	return_pa_data[1]->contents = NULL;
240     } else {
241 	free(return_pa_data[1]);
242 	return_pa_data[1] = NULL;   /* Move the list terminator */
243     }
244     *out_padata = return_pa_data;
245     retval = 0;
246 
247   cleanup:
248     if (der_req != NULL)
249 	krb5_free_data(context, der_req);
250 
251     if (out_data != NULL)
252 	free(out_data);
253 
254     if (retval) {
255 	if (return_pa_data) {
256 	    if (return_pa_data[0] != NULL)
257 		free(return_pa_data[0]);
258 	    if (return_pa_data[1] != NULL)
259 		free(return_pa_data[1]);
260 	    free(return_pa_data);
261 	}
262 	if (out_data) {
263 	    free(out_data->data);
264 	    free(out_data);
265 	}
266     }
267     return retval;
268 }
269 
270 krb5_error_code
271 pkinit_as_req_create(krb5_context context,
272 		     pkinit_context plgctx,
273 		     pkinit_req_context reqctx,
274 		     krb5_timestamp ctsec,
275 		     krb5_int32 cusec,
276 		     krb5_ui_4 nonce,
277 		     const krb5_checksum * cksum,
278 		     krb5_principal server,
279 		     krb5_data ** as_req)
280 {
281     krb5_error_code retval = ENOMEM;
282     krb5_subject_pk_info *info = NULL;
283     krb5_data *coded_auth_pack = NULL;
284     krb5_auth_pack *auth_pack = NULL;
285     krb5_pa_pk_as_req *req = NULL;
286     krb5_auth_pack_draft9 *auth_pack9 = NULL;
287     krb5_pa_pk_as_req_draft9 *req9 = NULL;
288     int protocol = reqctx->opts->dh_or_rsa;
289 
290     pkiDebug("pkinit_as_req_create pa_type = %d\n", reqctx->pa_type);
291 
292     /* Create the authpack */
293     switch((int)reqctx->pa_type) {
294 	case KRB5_PADATA_PK_AS_REQ_OLD:
295 	    protocol = RSA_PROTOCOL;
296 	    init_krb5_auth_pack_draft9(&auth_pack9);
297 	    if (auth_pack9 == NULL)
298 		goto cleanup;
299 	    auth_pack9->pkAuthenticator.ctime = ctsec;
300 	    auth_pack9->pkAuthenticator.cusec = cusec;
301 	    auth_pack9->pkAuthenticator.nonce = nonce;
302 	    auth_pack9->pkAuthenticator.kdcName = server;
303 	    auth_pack9->pkAuthenticator.kdcRealm.magic = 0;
304 	    auth_pack9->pkAuthenticator.kdcRealm.data =
305 					(unsigned char *)server->realm.data;
306 	    auth_pack9->pkAuthenticator.kdcRealm.length = server->realm.length;
307 	    free(cksum->contents);
308 	    break;
309 	case KRB5_PADATA_PK_AS_REQ:
310 	    init_krb5_subject_pk_info(&info);
311 	    if (info == NULL)
312 		goto cleanup;
313 	    init_krb5_auth_pack(&auth_pack);
314 	    if (auth_pack == NULL)
315 		goto cleanup;
316 	    auth_pack->pkAuthenticator.ctime = ctsec;
317 	    auth_pack->pkAuthenticator.cusec = cusec;
318 	    auth_pack->pkAuthenticator.nonce = nonce;
319 	    auth_pack->pkAuthenticator.paChecksum = *cksum;
320 	    auth_pack->clientDHNonce.length = 0;
321 	    auth_pack->clientPublicValue = info;
322 
323 	    /* add List of CMS algorithms */
324 	    retval = create_krb5_supportedCMSTypes(context, plgctx->cryptoctx,
325 			reqctx->cryptoctx, reqctx->idctx,
326 			&auth_pack->supportedCMSTypes);
327 	    if (retval)
328 		goto cleanup;
329 	    break;
330 	default:
331 	    pkiDebug("as_req: unrecognized pa_type = %d\n",
332 		    (int)reqctx->pa_type);
333 	    retval = -1;
334 	    goto cleanup;
335     }
336 
337     switch(protocol) {
338 	case DH_PROTOCOL:
339 	    pkiDebug("as_req: DH key transport algorithm\n");
340 	    retval = pkinit_copy_krb5_octet_data(&info->algorithm.algorithm, &dh_oid);
341 	    if (retval) {
342 		pkiDebug("failed to copy dh_oid\n");
343 		goto cleanup;
344 	    }
345 
346 	    /* create client-side DH keys */
347 	    if ((retval = client_create_dh(context, plgctx->cryptoctx,
348 		    reqctx->cryptoctx, reqctx->idctx, reqctx->opts->dh_size,
349 		    &info->algorithm.parameters.data,
350 		    &info->algorithm.parameters.length,
351 		    &info->subjectPublicKey.data,
352 		    &info->subjectPublicKey.length)) != 0) {
353 		pkiDebug("failed to create dh parameters\n");
354 		goto cleanup;
355 	    }
356 	    break;
357 	case RSA_PROTOCOL:
358 	    pkiDebug("as_req: RSA key transport algorithm\n");
359 	    switch((int)reqctx->pa_type) {
360 		case KRB5_PADATA_PK_AS_REQ_OLD:
361 		    auth_pack9->clientPublicValue = NULL;
362 		    break;
363 		case KRB5_PADATA_PK_AS_REQ:
364 		    free_krb5_subject_pk_info(&info);
365 		    auth_pack->clientPublicValue = NULL;
366 		    break;
367 	    }
368 	    break;
369 	default:
370 	    pkiDebug("as_req: unknown key transport protocol %d\n",
371 		    protocol);
372 	    retval = -1;
373 	    goto cleanup;
374     }
375 
376     /* Encode the authpack */
377     switch((int)reqctx->pa_type) {
378 	case KRB5_PADATA_PK_AS_REQ:
379 	    retval = k5int_encode_krb5_auth_pack(auth_pack, &coded_auth_pack);
380 	    break;
381 	case KRB5_PADATA_PK_AS_REQ_OLD:
382 	    retval = k5int_encode_krb5_auth_pack_draft9(auth_pack9,
383 							&coded_auth_pack);
384 	    break;
385     }
386     if (retval) {
387 	pkiDebug("failed to encode the AuthPack %d\n", retval);
388 	goto cleanup;
389     }
390 #ifdef DEBUG_ASN1
391     print_buffer_bin((unsigned char *)coded_auth_pack->data,
392 		     coded_auth_pack->length,
393 		     "/tmp/client_auth_pack");
394 #endif
395 
396     /* create PKCS7 object from authpack */
397     switch((int)reqctx->pa_type) {
398 	case KRB5_PADATA_PK_AS_REQ:
399 	    init_krb5_pa_pk_as_req(&req);
400 	    if (req == NULL) {
401 		retval = ENOMEM;
402 		goto cleanup;
403 	    }
404 	    retval = cms_signeddata_create(context, plgctx->cryptoctx,
405 		reqctx->cryptoctx, reqctx->idctx, CMS_SIGN_CLIENT, 1,
406 		(unsigned char *)coded_auth_pack->data, coded_auth_pack->length,
407 		&req->signedAuthPack.data, &req->signedAuthPack.length);
408 #ifdef DEBUG_ASN1
409 	    print_buffer_bin((unsigned char *)req->signedAuthPack.data,
410 			     req->signedAuthPack.length,
411 			     "/tmp/client_signed_data");
412 #endif
413 	    break;
414 	case KRB5_PADATA_PK_AS_REQ_OLD:
415 	    init_krb5_pa_pk_as_req_draft9(&req9);
416 	    if (req9 == NULL) {
417 		retval = ENOMEM;
418 		goto cleanup;
419 	    }
420 	    retval = cms_signeddata_create(context, plgctx->cryptoctx,
421 		reqctx->cryptoctx, reqctx->idctx, CMS_SIGN_DRAFT9, 1,
422 		(unsigned char *)coded_auth_pack->data, coded_auth_pack->length,
423 		&req9->signedAuthPack.data, &req9->signedAuthPack.length);
424 	    break;
425 #ifdef DEBUG_ASN1
426 	    print_buffer_bin((unsigned char *)req9->signedAuthPack.data,
427 			     req9->signedAuthPack.length,
428 			     "/tmp/client_signed_data_draft9");
429 #endif
430     }
431     krb5_free_data(context, coded_auth_pack);
432     if (retval) {
433 	pkiDebug("failed to create pkcs7 signed data\n");
434 	goto cleanup;
435     }
436 
437     /* create a list of trusted CAs */
438     switch((int)reqctx->pa_type) {
439 	case KRB5_PADATA_PK_AS_REQ:
440 	    retval = create_krb5_trustedCertifiers(context, plgctx->cryptoctx,
441 		reqctx->cryptoctx, reqctx->idctx, &req->trustedCertifiers);
442 	    if (retval)
443 		goto cleanup;
444 	    retval = create_issuerAndSerial(context, plgctx->cryptoctx,
445 		reqctx->cryptoctx, reqctx->idctx, &req->kdcPkId.data,
446 		&req->kdcPkId.length);
447 	    if (retval)
448 		goto cleanup;
449 
450 	    /* Encode the as-req */
451 	    retval = k5int_encode_krb5_pa_pk_as_req(req, as_req);
452 	    break;
453 	case KRB5_PADATA_PK_AS_REQ_OLD:
454 #if 0
455 	    /* W2K3 KDC doesn't like this */
456 	    retval = create_krb5_trustedCas(context, plgctx->cryptoctx,
457 		reqctx->cryptoctx, reqctx->idctx, 1, &req9->trustedCertifiers);
458 	    if (retval)
459 		goto cleanup;
460 
461 #endif
462 	    retval = create_issuerAndSerial(context, plgctx->cryptoctx,
463 		reqctx->cryptoctx, reqctx->idctx, &req9->kdcCert.data,
464 		&req9->kdcCert.length);
465 	    if (retval)
466 		goto cleanup;
467 	    /* Encode the as-req */
468 	    retval = k5int_encode_krb5_pa_pk_as_req_draft9(req9, as_req);
469 	    break;
470     }
471 #ifdef DEBUG_ASN1
472     if (!retval)
473 	print_buffer_bin((unsigned char *)(*as_req)->data, (*as_req)->length,
474 			 "/tmp/client_as_req");
475 #endif
476 
477 cleanup:
478     switch((int)reqctx->pa_type) {
479 	case KRB5_PADATA_PK_AS_REQ:
480 	    free_krb5_auth_pack(&auth_pack);
481 	    free_krb5_pa_pk_as_req(&req);
482 	    break;
483 	case KRB5_PADATA_PK_AS_REQ_OLD:
484 	    free_krb5_pa_pk_as_req_draft9(&req9);
485 	    free(auth_pack9);
486 	    break;
487     }
488 
489 
490     pkiDebug("pkinit_as_req_create retval=%d\n", (int) retval);
491 
492     return retval;
493 }
494 
495 krb5_error_code
496 pa_pkinit_parse_rep(krb5_context context,
497 		    pkinit_context plgctx,
498 		    pkinit_req_context reqctx,
499 		    krb5_kdc_req * request,
500 		    krb5_pa_data * in_padata,
501 		    krb5_enctype etype,
502 		    krb5_keyblock * as_key,
503 		    krb5_data *encoded_request)
504 {
505     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
506     krb5_data asRep = { 0, 0, NULL};
507 
508     /*
509      * One way or the other - success or failure - no other PA systems can
510      * work if the server sent us a PKINIT reply, since only we know how to
511      * decrypt the key.
512      */
513     if ((in_padata == NULL) || (in_padata->length == 0)) {
514 	pkiDebug("pa_pkinit_parse_rep: no in_padata\n");
515 	return KRB5KDC_ERR_PREAUTH_FAILED;
516     }
517 
518     asRep.data = (char *) in_padata->contents;
519     asRep.length = in_padata->length;
520 
521     retval =
522 	pkinit_as_rep_parse(context, plgctx, reqctx, in_padata->pa_type,
523 			    request, &asRep, as_key, etype, encoded_request);
524     if (retval) {
525 	pkiDebug("pkinit_as_rep_parse returned %d (%s)\n",
526 		 retval, error_message(retval));
527 	goto cleanup;
528     }
529 
530     retval = 0;
531 
532 cleanup:
533 
534     return retval;
535 }
536 
537 static krb5_error_code
538 verify_kdc_san(krb5_context context,
539 	       pkinit_context plgctx,
540 	       pkinit_req_context reqctx,
541 	       krb5_principal kdcprinc,
542 	       int *valid_san,
543 	       int *need_eku_checking)
544 {
545     krb5_error_code retval;
546     char **certhosts = NULL, **cfghosts = NULL;
547     krb5_principal *princs = NULL;
548     unsigned char ***get_dns;
549     int i, j;
550 
551     *valid_san = 0;
552     *need_eku_checking = 1;
553 
554     retval = pkinit_libdefault_strings(context,
555 				       krb5_princ_realm(context, kdcprinc),
556 				       "pkinit_kdc_hostname",
557 				       &cfghosts);
558     if (retval || cfghosts == NULL) {
559 	pkiDebug("%s: No pkinit_kdc_hostname values found in config file\n",
560 		 __FUNCTION__);
561 	get_dns = NULL;
562     } else {
563 	pkiDebug("%s: pkinit_kdc_hostname values found in config file\n",
564 		 __FUNCTION__);
565 	get_dns = (unsigned char ***)&certhosts;
566     }
567 
568     retval = crypto_retrieve_cert_sans(context, plgctx->cryptoctx,
569 				       reqctx->cryptoctx, reqctx->idctx,
570 				       &princs, NULL, get_dns);
571     if (retval) {
572 	pkiDebug("%s: error from retrieve_certificate_sans()\n", __FUNCTION__);
573 	retval = KRB5KDC_ERR_KDC_NAME_MISMATCH;
574 	goto out;
575     }
576 #if 0
577     retval = call_san_checking_plugins(context, plgctx, reqctx, idctx,
578 				       princs, hosts, &plugin_decision,
579 				       need_eku_checking);
580     pkiDebug("%s: call_san_checking_plugins() returned retval %d\n",
581 	     __FUNCTION__);
582     if (retval) {
583 	retval = KRB5KDC_ERR_KDC_NAME_MISMATCH;
584 	goto out;
585     }
586     pkiDebug("%s: call_san_checking_plugins() returned decision %d and "
587 	     "need_eku_checking %d\n",
588 	     __FUNCTION__, plugin_decision, *need_eku_checking);
589     if (plugin_decision != NO_DECISION) {
590 	retval = plugin_decision;
591 	goto out;
592     }
593 #endif
594 
595     pkiDebug("%s: Checking pkinit sans\n", __FUNCTION__);
596     for (i = 0; princs != NULL && princs[i] != NULL; i++) {
597 	if (krb5_principal_compare(context, princs[i], kdcprinc)) {
598 	    pkiDebug("%s: pkinit san match found\n", __FUNCTION__);
599 	    *valid_san = 1;
600 	    *need_eku_checking = 0;
601 	    retval = 0;
602 	    goto out;
603 	}
604     }
605     pkiDebug("%s: no pkinit san match found\n", __FUNCTION__);
606 
607     if (certhosts == NULL) {
608 	pkiDebug("%s: no certhosts (or we wouldn't accept them anyway)\n",
609 		 __FUNCTION__);
610 	retval = KRB5KDC_ERR_KDC_NAME_MISMATCH;
611 	goto out;
612     }
613 
614     for (i = 0; certhosts[i] != NULL; i++) {
615 	for (j = 0; cfghosts != NULL && cfghosts[j] != NULL; j++) {
616 	    pkiDebug("%s: comparing cert name '%s' with config name '%s'\n",
617 		     __FUNCTION__, certhosts[i], cfghosts[j]);
618 	    if (strcmp(certhosts[i], cfghosts[j]) == 0) {
619 		pkiDebug("%s: we have a dnsName match\n", __FUNCTION__);
620 		*valid_san = 1;
621 		retval = 0;
622 		goto out;
623 	    }
624 	}
625     }
626     pkiDebug("%s: no dnsName san match found\n", __FUNCTION__);
627 
628     /* We found no match */
629     retval = 0;
630 
631 out:
632     if (princs != NULL) {
633 	for (i = 0; princs[i] != NULL; i++)
634 	    krb5_free_principal(context, princs[i]);
635 	free(princs);
636     }
637     if (certhosts != NULL) {
638 	for (i = 0; certhosts[i] != NULL; i++)
639 	    free(certhosts[i]);
640 	free(certhosts);
641     }
642     if (cfghosts != NULL)
643 	profile_free_list(cfghosts);
644 
645     pkiDebug("%s: returning retval %d, valid_san %d, need_eku_checking %d\n",
646 	     __FUNCTION__, retval, *valid_san, *need_eku_checking);
647     return retval;
648 }
649 
650 static krb5_error_code
651 verify_kdc_eku(krb5_context context,
652 	       pkinit_context plgctx,
653 	       pkinit_req_context reqctx,
654 	       int *eku_accepted)
655 {
656     krb5_error_code retval;
657 
658     *eku_accepted = 0;
659 
660     if (reqctx->opts->require_eku == 0) {
661 	pkiDebug("%s: configuration requests no EKU checking\n", __FUNCTION__);
662 	*eku_accepted = 1;
663 	retval = 0;
664 	goto out;
665     }
666     retval = crypto_check_cert_eku(context, plgctx->cryptoctx,
667 				   reqctx->cryptoctx, reqctx->idctx,
668 				   1, /* kdc cert */
669 				   reqctx->opts->accept_secondary_eku,
670 				   eku_accepted);
671     if (retval) {
672 	pkiDebug("%s: Error from crypto_check_cert_eku %d (%s)\n",
673 		 __FUNCTION__, retval, error_message(retval));
674 	goto out;
675     }
676 
677 out:
678     pkiDebug("%s: returning retval %d, eku_accepted %d\n",
679 	     __FUNCTION__, retval, *eku_accepted);
680     return retval;
681 }
682 
683 /*
684  * Parse PA-PK-AS-REP message. Optionally evaluates the message's
685  * certificate chain.
686  * Optionally returns various components.
687  */
688 krb5_error_code
689 pkinit_as_rep_parse(krb5_context context,
690 		    pkinit_context plgctx,
691   		    pkinit_req_context reqctx,
692 		    krb5_preauthtype pa_type,
693 		    krb5_kdc_req *request,
694 		    const krb5_data *as_rep,
695 		    krb5_keyblock *key_block,
696 		    krb5_enctype etype,
697 		    krb5_data *encoded_request)
698 {
699     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
700     krb5_pa_pk_as_rep *kdc_reply = NULL;
701     krb5_kdc_dh_key_info *kdc_dh = NULL;
702     krb5_reply_key_pack *key_pack = NULL;
703     krb5_reply_key_pack_draft9 *key_pack9 = NULL;
704     krb5_octet_data dh_data = { 0, 0, NULL };
705     unsigned char *client_key = NULL, *kdc_hostname = NULL;
706     unsigned int client_key_len = 0;
707     krb5_checksum cksum = {0, 0, 0, NULL};
708     krb5_data k5data;
709     int valid_san = 0;
710     int valid_eku = 0;
711     int need_eku_checking = 1;
712 
713     assert((as_rep != NULL) && (key_block != NULL));
714 
715 #ifdef DEBUG_ASN1
716     print_buffer_bin((unsigned char *)as_rep->data, as_rep->length,
717 		     "/tmp/client_as_rep");
718 #endif
719 
720     if ((retval = k5int_decode_krb5_pa_pk_as_rep(as_rep, &kdc_reply))) {
721 	pkiDebug("decode_krb5_as_rep failed %d\n", retval);
722 	return retval;
723     }
724 
725     switch(kdc_reply->choice) {
726 	case choice_pa_pk_as_rep_dhInfo:
727 	    pkiDebug("as_rep: DH key transport algorithm\n");
728 #ifdef DEBUG_ASN1
729     print_buffer_bin(kdc_reply->u.dh_Info.dhSignedData.data,
730 	kdc_reply->u.dh_Info.dhSignedData.length, "/tmp/client_kdc_signeddata");
731 #endif
732 	    if ((retval = cms_signeddata_verify(context, plgctx->cryptoctx,
733 		    reqctx->cryptoctx, reqctx->idctx, CMS_SIGN_SERVER,
734 		    reqctx->opts->require_crl_checking,
735 		    kdc_reply->u.dh_Info.dhSignedData.data,
736 		    kdc_reply->u.dh_Info.dhSignedData.length,
737 		    &dh_data.data, &dh_data.length, NULL, NULL)) != 0) {
738 		pkiDebug("failed to verify pkcs7 signed data\n");
739 		goto cleanup;
740 	    }
741 
742 	    break;
743 	case choice_pa_pk_as_rep_encKeyPack:
744 	    pkiDebug("as_rep: RSA key transport algorithm\n");
745 	    if ((retval = cms_envelopeddata_verify(context, plgctx->cryptoctx,
746 		    reqctx->cryptoctx, reqctx->idctx, pa_type,
747 		    reqctx->opts->require_crl_checking,
748 		    kdc_reply->u.encKeyPack.data,
749 		    kdc_reply->u.encKeyPack.length,
750 		    &dh_data.data, &dh_data.length)) != 0) {
751 		pkiDebug("failed to verify pkcs7 enveloped data\n");
752 		goto cleanup;
753 	    }
754 	    break;
755 	default:
756 	    pkiDebug("unknown as_rep type %d\n", kdc_reply->choice);
757 	    retval = -1;
758 	    goto cleanup;
759     }
760 
761     retval = verify_kdc_san(context, plgctx, reqctx, request->server,
762 			    &valid_san, &need_eku_checking);
763     if (retval)
764 	    goto cleanup;
765     if (!valid_san) {
766 	pkiDebug("%s: did not find an acceptable SAN in KDC certificate\n",
767 		 __FUNCTION__);
768 	retval = KRB5KDC_ERR_KDC_NAME_MISMATCH;
769 	goto cleanup;
770     }
771 
772     if (need_eku_checking) {
773 	retval = verify_kdc_eku(context, plgctx, reqctx,
774 				&valid_eku);
775 	if (retval)
776 	    goto cleanup;
777 	if (!valid_eku) {
778 	    pkiDebug("%s: did not find an acceptable EKU in KDC certificate\n",
779 		     __FUNCTION__);
780 	    retval = KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE;
781 	    goto cleanup;
782 	}
783     } else
784 	pkiDebug("%s: skipping EKU check\n", __FUNCTION__);
785 
786     OCTETDATA_TO_KRB5DATA(&dh_data, &k5data);
787 
788     switch(kdc_reply->choice) {
789 	case choice_pa_pk_as_rep_dhInfo:
790 #ifdef DEBUG_ASN1
791 	    print_buffer_bin(dh_data.data, dh_data.length,
792 			     "/tmp/client_dh_key");
793 #endif
794 	    if ((retval = k5int_decode_krb5_kdc_dh_key_info(&k5data,
795 		    &kdc_dh)) != 0) {
796 		pkiDebug("failed to decode kdc_dh_key_info\n");
797 		goto cleanup;
798 	    }
799 
800 	    /* client after KDC reply */
801 	    if ((retval = client_process_dh(context, plgctx->cryptoctx,
802 		    reqctx->cryptoctx, reqctx->idctx,
803 		    kdc_dh->subjectPublicKey.data,
804 		    kdc_dh->subjectPublicKey.length,
805 		    &client_key, &client_key_len)) != 0) {
806 		pkiDebug("failed to process dh params\n");
807 		goto cleanup;
808 	    }
809 
810 	    retval = pkinit_octetstring2key(context, etype, client_key,
811 					  client_key_len, key_block);
812 	    if (retval) {
813 		pkiDebug("failed to create key pkinit_octetstring2key %s\n",
814 			 error_message(retval));
815 		goto cleanup;
816 	    }
817 
818 	    break;
819 	case choice_pa_pk_as_rep_encKeyPack:
820 #ifdef DEBUG_ASN1
821 	    print_buffer_bin(dh_data.data, dh_data.length,
822 			     "/tmp/client_key_pack");
823 #endif
824 	    if ((retval = k5int_decode_krb5_reply_key_pack(&k5data,
825 		    &key_pack)) != 0) {
826 		pkiDebug("failed to decode reply_key_pack\n");
827 #ifdef LONGHORN_BETA_COMPAT
828     /*
829      * LH Beta 3 requires the extra pa-data, even for RFC requests,
830      * in order to get the Checksum rather than a Nonce in the reply.
831      * This can be removed when LH SP1 is released.
832      */
833 		if (pa_type == KRB5_PADATA_PK_AS_REP && longhorn == 0)
834 #else
835 		if (pa_type == KRB5_PADATA_PK_AS_REP)
836 #endif
837 		    goto cleanup;
838 		else {
839 		    if ((retval =
840 			k5int_decode_krb5_reply_key_pack_draft9(&k5data,
841 							  &key_pack9)) != 0) {
842 			pkiDebug("failed to decode reply_key_pack_draft9\n");
843 			goto cleanup;
844 		    }
845 		    pkiDebug("decode reply_key_pack_draft9\n");
846 		    if (key_pack9->nonce != request->nonce) {
847 			pkiDebug("nonce in AS_REP=%d doesn't match AS_REQ=%d\n",				 key_pack9->nonce, request->nonce);
848 			retval = -1;
849 			goto cleanup;
850 		    }
851 		    krb5_copy_keyblock_contents(context, &key_pack9->replyKey,
852 						key_block);
853 		    break;
854 		}
855 	    }
856 	    /*
857 	     * This is hack but Windows sends back SHA1 checksum
858 	     * with checksum type of 14. There is currently no
859 	     * checksum type of 14 defined.
860 	     */
861 	    if (key_pack->asChecksum.checksum_type == 14)
862 		key_pack->asChecksum.checksum_type = CKSUMTYPE_NIST_SHA;
863 	    retval = krb5_c_make_checksum(context,
864 					  key_pack->asChecksum.checksum_type,
865 					  &key_pack->replyKey,
866 					  KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
867 					  encoded_request, &cksum);
868 	    if (retval) {
869 		pkiDebug("failed to make a checksum\n");
870 		goto cleanup;
871 	    }
872 
873 	    if ((cksum.length != key_pack->asChecksum.length) ||
874 		memcmp(cksum.contents, key_pack->asChecksum.contents,
875 			cksum.length)) {
876 		pkiDebug("failed to match the checksums\n");
877 #ifdef DEBUG_CKSUM
878 	    pkiDebug("calculating checksum on buf size (%d)\n",
879 		     encoded_request->length);
880 	    print_buffer(encoded_request->data, encoded_request->length);
881 	    pkiDebug("encrypting key (%d)\n", key_pack->replyKey.length);
882 	    print_buffer(key_pack->replyKey.contents,
883 			 key_pack->replyKey.length);
884 	    pkiDebug("received checksum type=%d size=%d ",
885 		     key_pack->asChecksum.checksum_type,
886 		     key_pack->asChecksum.length);
887 	    print_buffer(key_pack->asChecksum.contents,
888 			 key_pack->asChecksum.length);
889 	    pkiDebug("expected checksum type=%d size=%d ",
890 		     cksum.checksum_type, cksum.length);
891 	    print_buffer(cksum.contents, cksum.length);
892 #endif
893 		goto cleanup;
894 	    } else
895 		pkiDebug("checksums match\n");
896 
897 	    krb5_copy_keyblock_contents(context, &key_pack->replyKey,
898 					key_block);
899 
900 	    break;
901 	default:
902 	    pkiDebug("unknow as_rep type %d\n", kdc_reply->choice);
903 	    goto cleanup;
904     }
905 
906     retval = 0;
907 
908 cleanup:
909     if (dh_data.data != NULL)
910 	free(dh_data.data);
911     if (client_key != NULL)
912 	free(client_key);
913     free_krb5_kdc_dh_key_info(&kdc_dh);
914     free_krb5_pa_pk_as_rep(&kdc_reply);
915 
916     if (key_pack != NULL) {
917 	free_krb5_reply_key_pack(&key_pack);
918 	if (cksum.contents != NULL)
919 	    free(cksum.contents);
920     }
921     if (key_pack9 != NULL)
922 	free_krb5_reply_key_pack_draft9(&key_pack9);
923 
924     if (kdc_hostname != NULL)
925 	free(kdc_hostname);
926 
927     pkiDebug("pkinit_as_rep_parse returning %d (%s)\n",
928 	     retval, error_message(retval));
929     return retval;
930 }
931 
932 static void
933 pkinit_client_profile(krb5_context context,
934 		      pkinit_context plgctx,
935 		      pkinit_req_context reqctx,
936 		      krb5_kdc_req *request)
937 {
938     char *eku_string = NULL;
939 
940     pkiDebug("pkinit_client_profile %p %p %p %p\n",
941 	     context, plgctx, reqctx, request);
942 
943     (void) pkinit_libdefault_boolean(context, &request->server->realm,
944 			      "pkinit_win2k",
945 			      reqctx->opts->win2k_target,
946 			      &reqctx->opts->win2k_target);
947     (void) pkinit_libdefault_boolean(context, &request->server->realm,
948 			      "pkinit_win2k_require_binding",
949 			      reqctx->opts->win2k_require_cksum,
950 			      &reqctx->opts->win2k_require_cksum);
951     (void) pkinit_libdefault_boolean(context, &request->server->realm,
952 			      "pkinit_require_crl_checking",
953 			      reqctx->opts->require_crl_checking,
954 			      &reqctx->opts->require_crl_checking);
955     (void) pkinit_libdefault_integer(context, &request->server->realm,
956 			      "pkinit_dh_min_bits",
957 			      reqctx->opts->dh_size,
958 			      &reqctx->opts->dh_size);
959     if (reqctx->opts->dh_size != 1024 && reqctx->opts->dh_size != 2048
960         && reqctx->opts->dh_size != 4096) {
961 	pkiDebug("%s: invalid value (%d) for pkinit_dh_min_bits, "
962 		 "using default value (%d) instead\n", __FUNCTION__,
963 		 reqctx->opts->dh_size, PKINIT_DEFAULT_DH_MIN_BITS);
964 	reqctx->opts->dh_size = PKINIT_DEFAULT_DH_MIN_BITS;
965     }
966     (void) pkinit_libdefault_string(context, &request->server->realm,
967 			     "pkinit_eku_checking",
968 			     &eku_string);
969     if (eku_string != NULL) {
970 	if (strcasecmp(eku_string, "kpKDC") == 0) {
971 	    reqctx->opts->require_eku = 1;
972 	    reqctx->opts->accept_secondary_eku = 0;
973 	} else if (strcasecmp(eku_string, "kpServerAuth") == 0) {
974 	    reqctx->opts->require_eku = 1;
975 	    reqctx->opts->accept_secondary_eku = 1;
976 	} else if (strcasecmp(eku_string, "none") == 0) {
977 	    reqctx->opts->require_eku = 0;
978 	    reqctx->opts->accept_secondary_eku = 0;
979 	} else {
980 	    pkiDebug("%s: Invalid value for pkinit_eku_checking: '%s'\n",
981 		     __FUNCTION__, eku_string);
982 	}
983 	free(eku_string);
984     }
985 #ifdef LONGHORN_BETA_COMPAT
986     /* Temporarily just set global flag from config file */
987     (void) pkinit_libdefault_boolean(context, &request->server->realm,
988 			      "pkinit_longhorn",
989 			      0,
990 			      &longhorn);
991 #endif
992 
993     /* Only process anchors here if they were not specified on command line */
994     if (reqctx->idopts->anchors == NULL)
995 	(void) pkinit_libdefault_strings(context, &request->server->realm,
996 				  "pkinit_anchors",
997 				  &reqctx->idopts->anchors);
998     /* Solaris Kerberos */
999     (void) pkinit_libdefault_strings(context, &request->server->realm,
1000 			      "pkinit_pool",
1001 			      &reqctx->idopts->intermediates);
1002     (void) pkinit_libdefault_strings(context, &request->server->realm,
1003 			      "pkinit_revoke",
1004 			      &reqctx->idopts->crls);
1005     (void) pkinit_libdefault_strings(context, &request->server->realm,
1006 			      "pkinit_identities",
1007 			      &reqctx->idopts->identity_alt);
1008 }
1009 
1010 /* ARGSUSED */
1011 krb5_error_code
1012 pkinit_client_process(krb5_context context,
1013 		      void *plugin_context,
1014 		      void *request_context,
1015 		      krb5_get_init_creds_opt *gic_opt,
1016 		      preauth_get_client_data_proc get_data_proc,
1017 		      struct _krb5_preauth_client_rock *rock,
1018 		      krb5_kdc_req *request,
1019 		      krb5_data *encoded_request_body,
1020 		      krb5_data *encoded_previous_request,
1021 		      krb5_pa_data *in_padata,
1022 		      krb5_prompter_fct prompter,
1023 		      void *prompter_data,
1024 		      preauth_get_as_key_proc gak_fct,
1025 		      void *gak_data,
1026 		      krb5_data *salt,
1027 		      krb5_data *s2kparams,
1028 		      krb5_keyblock *as_key,
1029 		      krb5_pa_data ***out_padata)
1030 {
1031     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
1032     krb5_enctype enctype = -1;
1033     krb5_data *cdata = NULL;
1034     int processing_request = 0;
1035     pkinit_context plgctx = (pkinit_context)plugin_context;
1036     pkinit_req_context reqctx = (pkinit_req_context)request_context;
1037 
1038     pkiDebug("pkinit_client_process %p %p %p %p\n",
1039 	     context, plgctx, reqctx, request);
1040 
1041     if (plgctx == NULL || reqctx == NULL)
1042 	return EINVAL;
1043 
1044     switch ((int) in_padata->pa_type) {
1045 	case KRB5_PADATA_PK_AS_REQ:
1046 	    pkiDebug("processing KRB5_PADATA_PK_AS_REQ\n");
1047 	    processing_request = 1;
1048 	    break;
1049 
1050 	case KRB5_PADATA_PK_AS_REP:
1051 	    pkiDebug("processing KRB5_PADATA_PK_AS_REP\n");
1052 	    break;
1053 	case KRB5_PADATA_PK_AS_REP_OLD:
1054 	case KRB5_PADATA_PK_AS_REQ_OLD:
1055 	    if (in_padata->length == 0) {
1056 		pkiDebug("processing KRB5_PADATA_PK_AS_REQ_OLD\n");
1057 		in_padata->pa_type = KRB5_PADATA_PK_AS_REQ_OLD;
1058 		processing_request = 1;
1059 	    } else {
1060 		pkiDebug("processing KRB5_PADATA_PK_AS_REP_OLD\n");
1061 		in_padata->pa_type = KRB5_PADATA_PK_AS_REP_OLD;
1062 	    }
1063 	    break;
1064 	default:
1065 	    pkiDebug("unrecognized patype = %d for PKINIT\n",
1066 		    in_padata->pa_type);
1067 	    return EINVAL;
1068     }
1069 
1070     if (processing_request) {
1071 	pkinit_client_profile(context, plgctx, reqctx, request);
1072 	/* Solaris Kerberos */
1073 	retval = pkinit_identity_set_prompter(reqctx->idctx, prompter, prompter_data);
1074 	if (retval) {
1075 	    pkiDebug("pkinit_identity_set_prompter returned %d (%s)\n",
1076 		     retval, error_message(retval));
1077 	    return retval;
1078 	}
1079 
1080 	retval = pkinit_identity_initialize(context, plgctx->cryptoctx,
1081 					    reqctx->cryptoctx, reqctx->idopts,
1082 					    reqctx->idctx, 1, request->client);
1083 	if (retval) {
1084 	    pkiDebug("pkinit_identity_initialize returned %d (%s)\n",
1085 		     retval, error_message(retval));
1086 	    return retval;
1087 	}
1088 	retval = pa_pkinit_gen_req(context, plgctx, reqctx, request,
1089 				   in_padata, out_padata, prompter,
1090 				   prompter_data, gic_opt);
1091     } else {
1092 	/*
1093 	 * Get the enctype of the reply.
1094 	 */
1095 	retval = (*get_data_proc)(context, rock,
1096 				krb5plugin_preauth_client_get_etype, &cdata);
1097 	if (retval) {
1098 	    pkiDebug("get_data_proc returned %d (%s)\n",
1099 		     retval, error_message(retval));
1100 	    return retval;
1101 	}
1102 	enctype = *((krb5_enctype *)cdata->data);
1103 	(*get_data_proc)(context, rock,
1104 			 krb5plugin_preauth_client_free_etype, &cdata);
1105 	retval = pa_pkinit_parse_rep(context, plgctx, reqctx, request,
1106 				     in_padata, enctype, as_key,
1107 				     encoded_previous_request);
1108     }
1109 
1110     pkiDebug("pkinit_client_process: returning %d (%s)\n",
1111 	     retval, error_message(retval));
1112     return retval;
1113 }
1114 
1115 /* ARGSUSED */
1116 krb5_error_code
1117 pkinit_client_tryagain(krb5_context context,
1118 		       void *plugin_context,
1119 		       void *request_context,
1120 		       krb5_get_init_creds_opt *gic_opt,
1121 		       preauth_get_client_data_proc get_data_proc,
1122 		       struct _krb5_preauth_client_rock *rock,
1123 		       krb5_kdc_req *request,
1124 		       krb5_data *encoded_request_body,
1125 		       krb5_data *encoded_previous_request,
1126 		       krb5_pa_data *in_padata,
1127 		       krb5_error *err_reply,
1128 		       krb5_prompter_fct prompter,
1129 		       void *prompter_data,
1130 		       preauth_get_as_key_proc gak_fct,
1131 		       void *gak_data,
1132 		       krb5_data *salt,
1133 		       krb5_data *s2kparams,
1134 		       krb5_keyblock *as_key,
1135 		       krb5_pa_data ***out_padata)
1136 {
1137     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
1138     pkinit_context plgctx = (pkinit_context)plugin_context;
1139     pkinit_req_context reqctx = (pkinit_req_context)request_context;
1140     krb5_typed_data **typed_data = NULL;
1141     krb5_data scratch;
1142     krb5_external_principal_identifier **krb5_trusted_certifiers = NULL;
1143     krb5_algorithm_identifier **algId = NULL;
1144     int do_again = 0;
1145 
1146     pkiDebug("pkinit_client_tryagain %p %p %p %p\n",
1147 	     context, plgctx, reqctx, request);
1148 
1149     if (reqctx->pa_type != in_padata->pa_type)
1150 	return retval;
1151 
1152 #ifdef DEBUG_ASN1
1153     print_buffer_bin((unsigned char *)err_reply->e_data.data,
1154 		     err_reply->e_data.length, "/tmp/client_edata");
1155 #endif
1156     retval = k5int_decode_krb5_typed_data(&err_reply->e_data, &typed_data);
1157     if (retval) {
1158 	pkiDebug("decode_krb5_typed_data failed\n");
1159 	goto cleanup;
1160     }
1161 #ifdef DEBUG_ASN1
1162     print_buffer_bin(typed_data[0]->data, typed_data[0]->length,
1163 		     "/tmp/client_typed_data");
1164 #endif
1165     OCTETDATA_TO_KRB5DATA(typed_data[0], &scratch);
1166 
1167     switch(typed_data[0]->type) {
1168 	case TD_TRUSTED_CERTIFIERS:
1169 	case TD_INVALID_CERTIFICATES:
1170 	    retval = k5int_decode_krb5_td_trusted_certifiers(&scratch,
1171 		&krb5_trusted_certifiers);
1172 	    if (retval) {
1173 		pkiDebug("failed to decode sequence of trusted certifiers\n");
1174 		goto cleanup;
1175 	    }
1176 	    retval = pkinit_process_td_trusted_certifiers(context,
1177 		    plgctx->cryptoctx, reqctx->cryptoctx, reqctx->idctx,
1178 		    krb5_trusted_certifiers, typed_data[0]->type);
1179 	    if (!retval)
1180 		do_again = 1;
1181 	    break;
1182 	case TD_DH_PARAMETERS:
1183 	    retval = k5int_decode_krb5_td_dh_parameters(&scratch, &algId);
1184 	    if (retval) {
1185 		pkiDebug("failed to decode td_dh_parameters\n");
1186 		goto cleanup;
1187 	    }
1188 	    retval = pkinit_process_td_dh_params(context, plgctx->cryptoctx,
1189 		reqctx->cryptoctx, reqctx->idctx, algId,
1190 		&reqctx->opts->dh_size);
1191 	    if (!retval)
1192 		do_again = 1;
1193 	    break;
1194 	default:
1195 	    break;
1196     }
1197 
1198     if (do_again) {
1199 	retval = pa_pkinit_gen_req(context, plgctx, reqctx, request, in_padata,
1200 				   out_padata, prompter, prompter_data, gic_opt);
1201 	if (retval)
1202 	    goto cleanup;
1203     }
1204 
1205     retval = 0;
1206 cleanup:
1207     if (krb5_trusted_certifiers != NULL)
1208 	free_krb5_external_principal_identifier(&krb5_trusted_certifiers);
1209 
1210     if (typed_data != NULL)
1211 	free_krb5_typed_data(&typed_data);
1212 
1213     if (algId != NULL)
1214 	free_krb5_algorithm_identifiers(&algId);
1215 
1216     pkiDebug("pkinit_client_tryagain: returning %d (%s)\n",
1217 	     retval, error_message(retval));
1218     return retval;
1219 }
1220 
1221 /* ARGSUSED */
1222 static int
1223 pkinit_client_get_flags(krb5_context kcontext, krb5_preauthtype patype)
1224 {
1225     return PA_REAL;
1226 }
1227 
1228 static krb5_preauthtype supported_client_pa_types[] = {
1229     KRB5_PADATA_PK_AS_REP,
1230     KRB5_PADATA_PK_AS_REQ,
1231     KRB5_PADATA_PK_AS_REP_OLD,
1232     KRB5_PADATA_PK_AS_REQ_OLD,
1233     0
1234 };
1235 
1236 /* ARGSUSED */
1237 void
1238 pkinit_client_req_init(krb5_context context,
1239 		       void *plugin_context,
1240 		       void **request_context)
1241 {
1242     krb5_error_code retval = ENOMEM;
1243     struct _pkinit_req_context *reqctx = NULL;
1244     struct _pkinit_context *plgctx = (struct _pkinit_context *)plugin_context;
1245 
1246     *request_context = NULL;
1247 
1248     reqctx = (struct _pkinit_req_context *) malloc(sizeof(*reqctx));
1249     if (reqctx == NULL)
1250 	return;
1251     (void) memset(reqctx, 0, sizeof(*reqctx));
1252 
1253     reqctx->magic = PKINIT_REQ_CTX_MAGIC;
1254     reqctx->cryptoctx = NULL;
1255     reqctx->opts = NULL;
1256     reqctx->idctx = NULL;
1257     reqctx->idopts = NULL;
1258 
1259     retval = pkinit_init_req_opts(&reqctx->opts);
1260     if (retval)
1261 	goto cleanup;
1262 
1263     reqctx->opts->require_eku = plgctx->opts->require_eku;
1264     reqctx->opts->accept_secondary_eku = plgctx->opts->accept_secondary_eku;
1265     reqctx->opts->dh_or_rsa = plgctx->opts->dh_or_rsa;
1266     reqctx->opts->allow_upn = plgctx->opts->allow_upn;
1267     reqctx->opts->require_crl_checking = plgctx->opts->require_crl_checking;
1268 
1269     retval = pkinit_init_req_crypto(&reqctx->cryptoctx);
1270     if (retval)
1271 	goto cleanup;
1272 
1273     retval = pkinit_init_identity_crypto(&reqctx->idctx);
1274     if (retval)
1275 	goto cleanup;
1276 
1277     retval = pkinit_dup_identity_opts(plgctx->idopts, &reqctx->idopts);
1278     if (retval)
1279 	goto cleanup;
1280 
1281     *request_context = (void *) reqctx;
1282     pkiDebug("%s: returning reqctx at %p\n", __FUNCTION__, reqctx);
1283 
1284 cleanup:
1285     if (retval) {
1286 	if (reqctx->idctx != NULL)
1287 	    pkinit_fini_identity_crypto(reqctx->idctx);
1288 	if (reqctx->cryptoctx != NULL)
1289 	    pkinit_fini_req_crypto(reqctx->cryptoctx);
1290 	if (reqctx->opts != NULL)
1291 	    pkinit_fini_req_opts(reqctx->opts);
1292 	if (reqctx->idopts != NULL)
1293 	    pkinit_fini_identity_opts(reqctx->idopts);
1294 	free(reqctx);
1295     }
1296 
1297     return;
1298 }
1299 
1300 /* ARGSUSED */
1301 void
1302 pkinit_client_req_fini(krb5_context context,
1303 		      void *plugin_context,
1304 		      void *request_context)
1305 {
1306     struct _pkinit_req_context *reqctx =
1307 	(struct _pkinit_req_context *)request_context;
1308 
1309     pkiDebug("%s: received reqctx at %p\n", __FUNCTION__, reqctx);
1310     if (reqctx == NULL)
1311 	return;
1312     if (reqctx->magic != PKINIT_REQ_CTX_MAGIC) {
1313 	pkiDebug("%s: Bad magic value (%x) in req ctx\n",
1314 		 __FUNCTION__, reqctx->magic);
1315 	return;
1316     }
1317     if (reqctx->opts != NULL)
1318 	pkinit_fini_req_opts(reqctx->opts);
1319 
1320     if (reqctx->cryptoctx != NULL)
1321 	pkinit_fini_req_crypto(reqctx->cryptoctx);
1322 
1323     if (reqctx->idctx != NULL)
1324 	pkinit_fini_identity_crypto(reqctx->idctx);
1325 
1326     if (reqctx->idopts != NULL)
1327 	pkinit_fini_identity_opts(reqctx->idopts);
1328 
1329     free(reqctx);
1330     return;
1331 }
1332 
1333 /* ARGSUSED */
1334 static void
1335 pkinit_fini_client_profile(krb5_context context, pkinit_context plgctx)
1336 {
1337     /* This should clean up anything allocated in pkinit_init_client_profile */
1338 }
1339 
1340 /* ARGSUSED */
1341 static krb5_error_code
1342 pkinit_init_client_profile(krb5_context context, pkinit_context plgctx)
1343 {
1344     return 0;
1345 }
1346 
1347 static int
1348 pkinit_client_plugin_init(krb5_context context, void **blob)
1349 {
1350     krb5_error_code retval = ENOMEM;
1351     struct _pkinit_context *ctx = NULL;
1352 
1353     ctx = (struct _pkinit_context *)calloc(1, sizeof(*ctx));
1354     if (ctx == NULL)
1355 	return ENOMEM;
1356     (void) memset(ctx, 0, sizeof(*ctx));
1357     ctx->magic = PKINIT_CTX_MAGIC;
1358     ctx->opts = NULL;
1359     ctx->cryptoctx = NULL;
1360     ctx->idopts = NULL;
1361 
1362     retval = pkinit_accessor_init();
1363     if (retval)
1364 	goto errout;
1365 
1366     retval = pkinit_init_plg_opts(&ctx->opts);
1367     if (retval)
1368 	goto errout;
1369 
1370     retval = pkinit_init_plg_crypto(&ctx->cryptoctx);
1371     if (retval)
1372 	goto errout;
1373 
1374     retval = pkinit_init_identity_opts(&ctx->idopts);
1375     if (retval)
1376 	goto errout;
1377 
1378     retval = pkinit_init_client_profile(context, ctx);
1379     if (retval)
1380 	goto errout;
1381 
1382     *blob = ctx;
1383 
1384     pkiDebug("%s: returning plgctx at %p\n", __FUNCTION__, ctx);
1385 
1386 errout:
1387     if (retval)
1388 	pkinit_client_plugin_fini(context, ctx);
1389 
1390     return retval;
1391 }
1392 
1393 static void
1394 pkinit_client_plugin_fini(krb5_context context, void *blob)
1395 {
1396     struct _pkinit_context *ctx = (struct _pkinit_context *)blob;
1397 
1398     if (ctx == NULL || ctx->magic != PKINIT_CTX_MAGIC) {
1399 	pkiDebug("pkinit_lib_fini: got bad plgctx (%p)!\n", ctx);
1400 	return;
1401     }
1402     pkiDebug("%s: got plgctx at %p\n", __FUNCTION__, ctx);
1403 
1404     pkinit_fini_client_profile(context, ctx);
1405     pkinit_fini_identity_opts(ctx->idopts);
1406     pkinit_fini_plg_crypto(ctx->cryptoctx);
1407     pkinit_fini_plg_opts(ctx->opts);
1408     free(ctx);
1409 
1410 }
1411 
1412 /* ARGSUSED */
1413 static krb5_error_code
1414 add_string_to_array(krb5_context context, char ***array, const char *addition)
1415 {
1416     char **out = NULL;
1417 
1418     if (*array == NULL) {
1419 	out = malloc(2 * sizeof(char *));
1420 	if (out == NULL)
1421 	    return ENOMEM;
1422 	out[1] = NULL;
1423 	out[0] = strdup(addition);
1424 	if (out[0] == NULL) {
1425 	    free(out);
1426 	    return ENOMEM;
1427 	}
1428     } else {
1429 	int i;
1430 	char **a = *array;
1431 	for (i = 0; a[i] != NULL; i++);
1432 	out = malloc( (i + 2) * sizeof(char *));
1433 	if (out == NULL)
1434 	    return ENOMEM;
1435 	for (i = 0; a[i] != NULL; i++) {
1436 	    out[i] = a[i];
1437 	}
1438 	out[i++] = strdup(addition);
1439 	if (out == NULL) {
1440 	    free(out);
1441 	    return ENOMEM;
1442 	}
1443 	out[i] = NULL;
1444 	free(*array);
1445     }
1446     *array = out;
1447 
1448     return 0;
1449 }
1450 static krb5_error_code
1451 handle_gic_opt(krb5_context context,
1452 	       struct _pkinit_context *plgctx,
1453 	       const char *attr,
1454 	       const char *value)
1455 {
1456     krb5_error_code retval;
1457 
1458     if (strcmp(attr, "X509_user_identity") == 0) {
1459 	if (plgctx->idopts->identity != NULL) {
1460 	    krb5_set_error_message(context, KRB5_PREAUTH_FAILED,
1461 		"X509_user_identity can not be given twice\n");
1462 	    return KRB5_PREAUTH_FAILED;
1463 	}
1464 	plgctx->idopts->identity = strdup(value);
1465 	if (plgctx->idopts->identity == NULL) {
1466 	    krb5_set_error_message(context, ENOMEM,
1467 		"Could not duplicate X509_user_identity value\n");
1468 	    return ENOMEM;
1469 	}
1470     } else if (strcmp(attr, "X509_anchors") == 0) {
1471 	retval = add_string_to_array(context, &plgctx->idopts->anchors, value);
1472 	if (retval)
1473 	    return retval;
1474     } else if (strcmp(attr, "flag_RSA_PROTOCOL") == 0) {
1475 	if (strcmp(value, "yes") == 0) {
1476 	    pkiDebug("Setting flag to use RSA_PROTOCOL\n");
1477 	    plgctx->opts->dh_or_rsa = RSA_PROTOCOL;
1478 	}
1479     } else if (strcmp(attr, "PIN") == 0) {
1480 	/* Solaris Kerberos: handle our PIN attr */
1481 	plgctx->idopts->PIN = strdup(value);
1482 	if (plgctx->idopts->PIN == NULL)
1483 	    return ENOMEM;
1484     }
1485     return 0;
1486 }
1487 
1488 /* ARGSUSED */
1489 static krb5_error_code
1490 pkinit_client_gic_opt(krb5_context context,
1491 		      void *plugin_context,
1492 		      krb5_get_init_creds_opt *gic_opt,
1493 		      const char *attr,
1494 		      const char *value)
1495 {
1496     krb5_error_code retval;
1497     struct _pkinit_context *plgctx = (struct _pkinit_context *)plugin_context;
1498 
1499     pkiDebug("(pkinit) received '%s' = '%s'\n", attr, value);
1500     retval = handle_gic_opt(context, plgctx, attr, value);
1501     if (retval)
1502 	return retval;
1503 
1504     return 0;
1505 }
1506 
1507 struct krb5plugin_preauth_client_ftable_v1 preauthentication_client_1 = {
1508     "pkinit",			/* name */
1509     supported_client_pa_types,	/* pa_type_list */
1510     NULL,			/* enctype_list */
1511     pkinit_client_plugin_init,	/* (*init) */
1512     pkinit_client_plugin_fini,	/* (*fini) */
1513     pkinit_client_get_flags,	/* (*flags) */
1514     pkinit_client_req_init,     /* (*client_req_init) */
1515     pkinit_client_req_fini,     /* (*client_req_fini) */
1516     pkinit_client_process,	/* (*process) */
1517     pkinit_client_tryagain,	/* (*tryagain) */
1518     pkinit_client_gic_opt	/* (*gic_opt) */
1519 };
1520