xref: /freebsd/crypto/heimdal/lib/gssapi/ntlm/accept_sec_context.c (revision 884a2a699669ec61e2366e3e358342dbc94be24a) 
1 /*
2  * Copyright (c) 2006 Kungliga Tekniska H�gskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "ntlm/ntlm.h"
35 
36 RCSID("$Id: accept_sec_context.c 22521 2008-01-24 11:53:18Z lha $");
37 
38 /*
39  *
40  */
41 
42 OM_uint32
43 _gss_ntlm_allocate_ctx(OM_uint32 *minor_status, ntlm_ctx *ctx)
44 {
45     OM_uint32 maj_stat;
46 
47     *ctx = calloc(1, sizeof(**ctx));
48 
49     (*ctx)->server = &ntlmsspi_kdc_digest;
50 
51     maj_stat = (*(*ctx)->server->nsi_init)(minor_status, &(*ctx)->ictx);
52     if (maj_stat != GSS_S_COMPLETE)
53 	return maj_stat;
54 
55     return GSS_S_COMPLETE;
56 }
57 
58 /*
59  *
60  */
61 
62 OM_uint32
63 _gss_ntlm_accept_sec_context
64 (OM_uint32 * minor_status,
65  gss_ctx_id_t * context_handle,
66  const gss_cred_id_t acceptor_cred_handle,
67  const gss_buffer_t input_token_buffer,
68  const gss_channel_bindings_t input_chan_bindings,
69  gss_name_t * src_name,
70  gss_OID * mech_type,
71  gss_buffer_t output_token,
72  OM_uint32 * ret_flags,
73  OM_uint32 * time_rec,
74  gss_cred_id_t * delegated_cred_handle
75     )
76 {
77     krb5_error_code ret;
78     struct ntlm_buf data;
79     ntlm_ctx ctx;
80 
81     output_token->value = NULL;
82     output_token->length = 0;
83 
84     *minor_status = 0;
85 
86     if (context_handle == NULL)
87 	return GSS_S_FAILURE;
88 
89     if (input_token_buffer == GSS_C_NO_BUFFER)
90 	return GSS_S_FAILURE;
91 
92     if (src_name)
93 	*src_name = GSS_C_NO_NAME;
94     if (mech_type)
95 	*mech_type = GSS_C_NO_OID;
96     if (ret_flags)
97 	*ret_flags = 0;
98     if (time_rec)
99 	*time_rec = 0;
100     if (delegated_cred_handle)
101 	*delegated_cred_handle = GSS_C_NO_CREDENTIAL;
102 
103     if (*context_handle == GSS_C_NO_CONTEXT) {
104 	struct ntlm_type1 type1;
105 	OM_uint32 major_status;
106 	OM_uint32 retflags;
107 	struct ntlm_buf out;
108 
109 	major_status = _gss_ntlm_allocate_ctx(minor_status, &ctx);
110 	if (major_status)
111 	    return major_status;
112 	*context_handle = (gss_ctx_id_t)ctx;
113 
114 	/* check if the mechs is allowed by remote service */
115 	major_status = (*ctx->server->nsi_probe)(minor_status, ctx->ictx, NULL);
116 	if (major_status) {
117 	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
118 	    return major_status;
119 	}
120 
121 	data.data = input_token_buffer->value;
122 	data.length = input_token_buffer->length;
123 
124 	ret = heim_ntlm_decode_type1(&data, &type1);
125 	if (ret) {
126 	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
127 	    *minor_status = ret;
128 	    return GSS_S_FAILURE;
129 	}
130 
131 	if ((type1.flags & NTLM_NEG_UNICODE) == 0) {
132 	    heim_ntlm_free_type1(&type1);
133 	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
134 	    *minor_status = EINVAL;
135 	    return GSS_S_FAILURE;
136 	}
137 
138 	if (type1.flags & NTLM_NEG_SIGN)
139 	    ctx->gssflags |= GSS_C_CONF_FLAG;
140 	if (type1.flags & NTLM_NEG_SIGN)
141 	    ctx->gssflags |= GSS_C_INTEG_FLAG;
142 
143 	major_status = (*ctx->server->nsi_type2)(minor_status,
144 						 ctx->ictx,
145 						 type1.flags,
146 						 type1.hostname,
147 						 type1.domain,
148 						 &retflags,
149 						 &out);
150 	heim_ntlm_free_type1(&type1);
151 	if (major_status != GSS_S_COMPLETE) {
152 	    OM_uint32 junk;
153 	    _gss_ntlm_delete_sec_context(&junk, context_handle, NULL);
154 	    return major_status;
155 	}
156 
157 	output_token->value = malloc(out.length);
158 	if (output_token->value == NULL) {
159 	    OM_uint32 junk;
160 	    _gss_ntlm_delete_sec_context(&junk, context_handle, NULL);
161 	    *minor_status = ENOMEM;
162 	    return GSS_S_FAILURE;
163 	}
164 	memcpy(output_token->value, out.data, out.length);
165 	output_token->length = out.length;
166 
167 	ctx->flags = retflags;
168 
169 	return GSS_S_CONTINUE_NEEDED;
170     } else {
171 	OM_uint32 maj_stat;
172 	struct ntlm_type3 type3;
173 	struct ntlm_buf session;
174 
175 	ctx = (ntlm_ctx)*context_handle;
176 
177 	data.data = input_token_buffer->value;
178 	data.length = input_token_buffer->length;
179 
180 	ret = heim_ntlm_decode_type3(&data, 1, &type3);
181 	if (ret) {
182 	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
183 	    *minor_status = ret;
184 	    return GSS_S_FAILURE;
185 	}
186 
187 	maj_stat = (*ctx->server->nsi_type3)(minor_status,
188 					     ctx->ictx,
189 					     &type3,
190 					     &session);
191 	if (maj_stat) {
192 	    heim_ntlm_free_type3(&type3);
193 	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
194 	    return maj_stat;
195 	}
196 
197 	if (src_name) {
198 	    ntlm_name n = calloc(1, sizeof(*n));
199 	    if (n) {
200 		n->user = strdup(type3.username);
201 		n->domain = strdup(type3.targetname);
202 	    }
203 	    if (n == NULL || n->user == NULL || n->domain == NULL) {
204 		heim_ntlm_free_type3(&type3);
205 		_gss_ntlm_delete_sec_context(minor_status,
206 					     context_handle, NULL);
207 		return maj_stat;
208 	    }
209 	    *src_name = (gss_name_t)n;
210 	}
211 
212 	heim_ntlm_free_type3(&type3);
213 
214 	ret = krb5_data_copy(&ctx->sessionkey,
215 			     session.data, session.length);
216 	if (ret) {
217 	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
218 	    *minor_status = ret;
219 	    return GSS_S_FAILURE;
220 	}
221 
222 	if (session.length != 0) {
223 
224 	    ctx->status |= STATUS_SESSIONKEY;
225 
226 	    if (ctx->flags & NTLM_NEG_NTLM2_SESSION) {
227 		_gss_ntlm_set_key(&ctx->u.v2.send, 1,
228 				  (ctx->flags & NTLM_NEG_KEYEX),
229 				  ctx->sessionkey.data,
230 				  ctx->sessionkey.length);
231 		_gss_ntlm_set_key(&ctx->u.v2.recv, 0,
232 				  (ctx->flags & NTLM_NEG_KEYEX),
233 				  ctx->sessionkey.data,
234 				  ctx->sessionkey.length);
235 	    } else {
236 		RC4_set_key(&ctx->u.v1.crypto_send.key,
237 			    ctx->sessionkey.length,
238 			    ctx->sessionkey.data);
239 		RC4_set_key(&ctx->u.v1.crypto_recv.key,
240 			    ctx->sessionkey.length,
241 			    ctx->sessionkey.data);
242 	    }
243 	}
244 
245 	if (mech_type)
246 	    *mech_type = GSS_NTLM_MECHANISM;
247 	if (time_rec)
248 	    *time_rec = GSS_C_INDEFINITE;
249 
250 	ctx->status |= STATUS_OPEN;
251 
252 	if (ret_flags)
253 	    *ret_flags = ctx->gssflags;
254 
255 	return GSS_S_COMPLETE;
256     }
257 }
258